upskill

Warn

Audited by Socket on Jul 3, 2026

2 alerts found:

Anomalyx2
AnomalyLOW
SKILL.md

SUSPICIOUS. The footprint mostly matches the stated purpose of session-to-skill distillation, but the recommended curl|bash installer, persistent hook installation, and broad session-context capture create meaningful security risk. I see no confirmed malware or overt credential-harvesting behavior in the provided skill text, but the install trust and data-retention scope are stronger than a simple routing wrapper.

Confidence: 76%Severity: 58%
AnomalyLOW
scripts/install.sh

No explicit malicious payload is visible in this wrapper code, but it is a high-sensitivity supply-chain installer that performs unauthenticated remote code execution (curl of an upstream install.sh piped directly into bash) and can also execute additional externally fetched logic via npx when GLOBAL=1. With UPSKILL_REF being user-controlled and no integrity verification/pinning enforced here, the key risk is upstream/ref/network compromise leading to arbitrary code execution on the installing machine.

Confidence: 70%Severity: 68%
Audit Metadata
Analyzed At
Jul 3, 2026, 06:40 AM
Package URL
pkg:socket/skills-sh/akillness%2Fjeo-skills%2Fupskill%2F@1db5e9e363f00a68ee51c6e550600c24037147714539767db5ca71d0cff7514f
Security Audit — socket — upskill