when-analyzing-user-intent-use-intent-analyzer

Warn

Audited by Socket on Jun 26, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill’s stated purpose is benign, but its actual footprint is broader than necessary: it captures environment/workspace context and repeatedly forwards analysis tasks through a mutable third-party `npx ...@alpha` CLI. Provenance for `claude-flow` is better than a random installer, so this is not confirmed malware, but the combination of disproportionate context access and external CLI mediation raises medium security risk.

Confidence: 84%Severity: 62%
Audit Metadata
Analyzed At
Jun 26, 2026, 03:23 AM
Package URL
pkg:socket/skills-sh/DNYoussef%2Fai-chrome-extension%2Fwhen-analyzing-user-intent-use-intent-analyzer%2F@4ef7adaa1077cb08da8dc6f01c4141cdfe5d044414b338d327ef1b45d4fc9cbb
Security Audit — socket — when-analyzing-user-intent-use-intent-analyzer