github-project-management

Warn

Audited by Socket on Apr 2, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS: The skill's GitHub management behavior mostly matches its stated purpose, but it relies heavily on third-party swarm CLIs executed via `npx`, including an alpha package, and grants broad automation powers over GitHub content. Main concerns are supply-chain trust, external processing of repository data, and autonomous actions on untrusted issue/comment content rather than clear malicious intent.

Confidence: 86%
Severity: 74%

Audit Metadata

Analyzed At: Apr 2, 2026, 07:17 AM
Package URL: pkg:socket/skills-sh/dnyoussef%2Fai-chrome-extension%2Fgithub-project-management%2F@c4c7836c43f0082eed8cd239d4506b80b4ee70a8