agentation

Fail

Audited by Socket on Jun 27, 2026

1 alert found:

Obfuscated File
Obfuscated FileHIGH
scripts/setup-agentation-mcp.sh

The script itself is not an active malware payload, but it materially increases supply-chain and execution risk by programmatically registering an MCP entry that runs 'npx -y agentation-mcp server' across multiple user agent configurations. That deferred execution means installing or running this script without auditing the referenced npm package (agentation-mcp) can lead to arbitrary third-party code execution. Recommend: (1) review the 'agentation-mcp' npm package source and provenance before applying these config changes; (2) avoid '-y' auto-installation flags or change to a pinned, vendored binary; (3) back up existing config files before running and prefer interactive confirmation; (4) prefer using package managers with integrity checks (pnpm/npm with lockfiles) or locally-installed binaries instead of npx auto-fetch.

Confidence: 90%
Audit Metadata
Analyzed At
Jun 27, 2026, 04:59 AM
Package URL
pkg:socket/skills-sh/akillness%2Fjeo-skills%2Fagentation%2F@c77a4f95762de70e74e827f4fc6ba2440fa59e754553cf58833b4c31a0844e2b
Security Audit — socket — agentation