brand-intel-branddev

Warn

Audited by Socket on Jul 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s purpose is coherent, but its data flow is weaker than expected because Brand.dev requests and bearer credentials are routed through a Gooseworks/Orthogonal proxy instead of the official Brand.dev API. This looks more like a managed gateway than overt malware, but the proxying and raw credential-file handling create meaningful trust and exposure risk.

Confidence: 85%Severity: 58%
Audit Metadata
Analyzed At
Jul 2, 2026, 06:17 AM
Package URL
pkg:socket/skills-sh/athina-ai%2Fgoose-skills%2Fbrand-intel-branddev%2F@3d3e30290f5441f1f7d5023ce9ce352c2f6400743461f4bdcd6b80ebbd118b42
Security Audit — socket — brand-intel-branddev