codeflow
Audited by Socket on Jun 27, 2026
2 alerts found:
Anomalyx2SUSPICIOUS. The skill’s purpose and core capabilities are mostly coherent, and the upstream self-host instructions match the named CodeFlow project. However, trust is diluted by reliance on a third-party hosted frontend on a Vercel subdomain, unpinned `git clone` installation from a mutable branch, and transitive installation through `npx skills add`. This looks more like a legitimate but medium-risk wrapper than malware; the main concerns are supply-chain and trust-chain exposure rather than clear exfiltration.
This wrapper appears benign in its own logic (no credential theft, obfuscation, or exfiltration), but it carries a meaningful supply-chain risk: it clones/pulls unpinned remote repository content into a local directory and then immediately opens index.html in the user’s browser, which will execute whatever client-side code is present. The lack of commit/tag pinning or integrity verification and the ability to override CODEFLOW_REPO amplify the risk if upstream content or the environment is compromised.