competitor-research

Warn

Audited by Socket on Jun 17, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core purpose is coherent, but the skill routes all research through a third-party aggregator CLI instead of calling official provider APIs directly. That makes install trust and data-flow integrity weaker than a normal research skill, especially if internal positioning context influences outbound queries. No clear malware or credential theft behavior is shown, but the brokered execution model is a meaningful security concern.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 17, 2026, 04:18 AM
Package URL
pkg:socket/skills-sh/CodeAlive-AI%2Fceo-ai-os%2Fcompetitor-research%2F@fe125f542ea0b570e666241b60c93c85007a6974073846c79f32e59433248ae1
Security Audit — socket — competitor-research