Hooks Automation

Fail

Audited by Socket on Apr 2, 2026

1 alert found:

Malware
MalwareHIGH
SKILL.md

SUSPICIOUS. The skill is broadly aligned with hook automation, but its footprint is large: a third-party alpha CLI is installed as the control plane, hooks execute automatically across many tool events, and untrusted tool parameters are interpolated into shell commands. No clear credential theft or overt exfiltration is shown, so this is not confirmed malware, but it carries meaningful supply-chain and execution-surface risk.

Confidence: 81%Severity: 64%
Audit Metadata
Analyzed At
Apr 2, 2026, 07:17 AM
Package URL
pkg:socket/skills-sh/dnyoussef%2Fai-chrome-extension%2Fhooks-automation%2F@b0bd2ca955c8a2975de508daa0fe41ed33d40771
Security Audit — socket — Hooks Automation