bughunt

Warn

Audited by Socket on Jun 13, 2026

2 alerts found:

SecurityAnomaly
SecurityMEDIUM
SKILL.md
AnomalyLOW
README.md

This snippet does not include inspectable logic; it triggers remote code execution via `npx` by installing and registering an external `av/skills` “bughunt” skill. The primary risk is supply-chain execution without explicit version/integrity pinning. Malware cannot be verified from the fragment alone, but the command structure makes it essential to review the resolved package contents (including install/postinstall scripts) and monitor its network/filesystem/process behavior during execution.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 13, 2026, 10:46 PM
Package URL
pkg:socket/skills-sh/av%2Fskills%2Fbughunt%2F@6b4e34cb9b7783d9334438bff91ff580dee573a4837c10120102b54d7c4ed9f4
Security Audit — socket — bughunt