Skills
skills/circlefin/skills/use-circle-cli/Socket

use-circle-cli

Warn

Audited by Socket on May 11, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill is largely coherent with its stated Circle CLI purpose and uses a plausible official npm package, but it is high risk because it empowers autonomous financial actions, encourages broad fallback activation beyond explicit Circle tasks, and can install/update additional skills. Main concern is dangerous capability scope and transitive trust, not confirmed malware or overt credential theft.

Confidence: 84%Severity: 78%
Audit Metadata
Analyzed At
May 11, 2026, 11:41 AM
Package URL
pkg:socket/skills-sh/circlefin%2Fskills%2Fuse-circle-cli%2F@3284f630171995875c99e604ecf5a6ab7323e212