taskloop

Warn

Audited by Socket on May 15, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: The skill is mostly coherent with its stated purpose and uses expected first-party services, but it enables persistent autonomous coding and PR actions, stores/uses raw API credentials, and explicitly instructs the agent to hide AI involvement. No strong evidence of credential harvesting or third-party exfiltration, so this is not confirmed malware, but it is a high-risk autonomous workflow.

Confidence: 88%Severity: 78%
Audit Metadata
Analyzed At
May 15, 2026, 07:45 AM
Package URL
pkg:socket/skills-sh/CoRLab-Tech%2Fskills%2Ftaskloop%2F@c0e356d88da750de0f931f5ab763680ee511dbbc
Security Audit — socket — taskloop