competitor-research
Warn
Audited by Socket on Jun 17, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The core purpose is coherent, but the skill routes all research through a third-party aggregator CLI instead of calling official provider APIs directly. That makes install trust and data-flow integrity weaker than a normal research skill, especially if internal positioning context influences outbound queries. No clear malware or credential theft behavior is shown, but the brokered execution model is a meaningful security concern.
Confidence: 100%Severity: 60%
Audit Metadata