jarvis-mission-control

Fail

Audited by Socket on Jun 26, 2026

3 alerts found:

Anomalyx2Obfuscated File
AnomalyLOW
SKILL.md

SUSPICIOUS: the overall purpose is plausible, but the skill materially understates its footprint. It directs execution of remote repo code and npm dependencies, mixes publisher identity between MissionDeck.ai and a personal GitHub account, describes outbound integrations despite 'data_local_only' claims, and includes transitive skill installation guidance. No confirmed credential theft or overtly malicious payload is shown, but the documentation is internally inconsistent enough to warrant caution.

Confidence: 82%Severity: 62%
AnomalyLOW
skill/SKILL.md

SUSPICIOUS: the skill is broadly aligned with a mission-control dashboard, but its footprint is larger than a simple monitoring tool. Local session-file reading, browser-based file editing, CLI execution, webhook delivery, cloud API-key flows, and transitive skill installation create medium risk even though there is no clear evidence of malware or hidden exfiltration.

Confidence: 82%Severity: 62%
Obfuscated FileHIGH
docs/archive/SECURITY-VALIDATION-2026-03-03.md

The fragment indicates a strengthened security posture with path traversal protections and XSS mitigations, culminating in production readiness. No explicit malware or backdoors are evidenced in the narrative, but definitive verification requires access to the actual codebase, test artifacts, and execution logs. Deployment should pair these controls with robust authentication, access controls, and network restrictions given open bindings. Overall, the report presents a credible hardening effort, though the evidence is not independently verifiable from the fragment alone.

Confidence: 90%
Audit Metadata
Analyzed At
Jun 26, 2026, 07:51 AM
Package URL
pkg:socket/skills-sh/asif2bd%2Fjarvis-mission-control-openclaw%2Fjarvis-mission-control%2F@43b70836494e20a87b911df794408f1e04185d22
Security Audit — socket — jarvis-mission-control