when-creating-slash-commands-use-slash-command-encoder

Warn

Audited by Socket on Jun 26, 2026

1 alert found:

Anomaly
AnomalyLOW
PROCESS.md

No explicit malicious payload is visible in the provided bash snippet. However, the workflow repeatedly executes an unpinned `npx claude-flow@alpha` tool, generates executable JavaScript, builds a bundle, installs it, and then runs an analysis step against local code. Without version pinning and artifact integrity verification, the dominant risk is supply-chain compromise (malicious or changed upstream tool generating/installable code), rather than obvious in-script malware.

Confidence: 64%Severity: 62%
Audit Metadata
Analyzed At
Jun 26, 2026, 03:23 AM
Package URL
pkg:socket/skills-sh/DNYoussef%2Fai-chrome-extension%2Fwhen-creating-slash-commands-use-slash-command-encoder%2F@7225221abe18bf7acb3d3e4d303962442fee207b6fd26c464d1da6d7e516a2c8
Security Audit — socket — when-creating-slash-commands-use-slash-command-encoder