verify-sources

Warn

Audited by Socket on Apr 4, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The stated purpose is coherent, but the skill depends on an opaque custom MCP tool that cannot be independently verified from the provided evidence, and it has broader-than-necessary execution permission via Bash. No direct credential theft or overt malicious behavior is shown, but trust and data-flow transparency are insufficient for a benign classification.

Confidence: 84%
Severity: 74%

Audit Metadata
Analyzed At: Apr 4, 2026, 10:06 PM
Package URL: pkg:socket/skills-sh/bitwize-music-studio%2Fclaude-ai-music-skills%2Fverify-sources%2F@5f78ac7c7829ae8e2abf7a59cc8f939b3c513746