skills/agentskillexchange/skills/GraphQL Schema Registry Client/Socket

GraphQL Schema Registry Client

Warn

Audited by Socket on Mar 29, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

SUSPICIOUS: the stated GraphQL schema-management purpose is plausible, but the actual footprint shown here is mainly a transitive skill installer from an unverifiable publisher, with inconsistent provenance metadata (`graphql-js` vs Apollo/rover functionality). No direct exfiltration or malware is visible in the provided text, but the install trust chain is not proportionate enough to classify as benign.

Confidence: 86%Severity: 74%

Audit Metadata

Analyzed At

Mar 29, 2026, 02:39 AM

Package URL

pkg:socket/skills-sh/agentskillexchange%2Fskills%2Fgraphql-schema-registry-client%2F@aee0b4d03465b8d2aaae70f0ca29960dfc07a9c6