taskloop
Warn
Audited by Socket on May 15, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: The skill is mostly coherent with its stated purpose and uses expected first-party services, but it enables persistent autonomous coding and PR actions, stores/uses raw API credentials, and explicitly instructs the agent to hide AI involvement. No strong evidence of credential harvesting or third-party exfiltration, so this is not confirmed malware, but it is a high-risk autonomous workflow.
Confidence: 88%Severity: 78%
Audit Metadata