skills-management

Warn

Audited by Socket on May 4, 2026

1 alert found:

Security (MEDIUM)
SKILL.md

SUSPICIOUS: the skill's stated purpose matches its capabilities, and its primary remote tooling appears to be the official Vercel Labs Skills CLI. However, its core behavior is transitive installation and management of third-party skills from arbitrary repos, giving external skill instructions the agent's permissions across many local agent directories. This is a coherent but inherently high-trust workflow, so the main concern is supply-chain and transitive-skill risk rather than confirmed malware.

Confidence: 89%
Severity: 76%
Audit Metadata
Analyzed At: May 4, 2026, 11:51 PM
Package URL: pkg:socket/skills-sh/CodeAlive-AI%2Fai-driven-development%2Fskills-management%2F@6e2ea3566567d24446d5e862082d3a1b711a47eb