handover
Warn
Audited by Socket on May 22, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The core purpose is coherent for an AEM handover orchestrator, and network calls target official Adobe endpoints, but the skill has a broader footprint than expected: it installs Playwright at runtime, extracts browser auth cookies into a local config file, and delegates work to additional skills/agents with inherited permissions. This looks more like a high-risk orchestration skill than overt malware.
Confidence: 88%Severity: 68%
Audit Metadata