cloudflare-traffic-investigator

Warn

Audited by Socket on Mar 25, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill’s purpose is coherent with Cloudflare traffic investigation, and the intended data flow appears to target first-party Cloudflare services. However, it relies on an unverified `cloudflare-mcp-cli` package/binary installed via unpinned npm and then used for authenticated Cloudflare access, creating a high supply-chain and credential-forwarding risk that is disproportionate for incident investigation.

Confidence: 84%Severity: 82%
Audit Metadata
Analyzed At
Mar 25, 2026, 10:08 PM
Package URL
pkg:socket/skills-sh/delexw%2Fclaude-code-misc%2Fcloudflare-traffic-investigator%2F@7157b6cc65228cafeadd61c94e6b71ee6dbb32c4
Security Audit — socket — cloudflare-traffic-investigator