harness-engineering-playbook

Warn

Audited by Socket on Jun 1, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill’s stated repo-bootstrap purpose is coherent and no direct credential harvesting is shown, but installation relies on a transitive `npx skills add` trust chain with partially verified publisher provenance, unpinned remote code, and default CLI telemetry to `skills.sh`. This is best classified as medium-risk supply-chain exposure rather than malware.

Confidence: 84%
Severity: 58%
Audit Metadata

Analyzed At: Jun 1, 2026, 01:57 PM
Package URL: pkg:socket/skills-sh/broomva%2Fharness-engineering%2Fharness-engineering-playbook%2F@55edcdea6a635d4fc689e91693c0e3f2abea954e