gangtise-copilot
Warn
Audited by Socket on May 18, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the skill's purpose broadly matches its capabilities, and the credential validation flow appears to target official Gangtise endpoints, but trust is weakened because the wrapper comes from a third-party GitHub publisher, installs 19 additional remote skills, and uses unpinned downloads without integrity verification. This is better classified as a high supply-chain and transitive-trust risk than confirmed malware.
Confidence: 87%Severity: 76%
Audit Metadata