when-mapping-dependencies-use-dependency-mapper
Warn
Audited by Socket on Jun 26, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: The core purpose and capabilities are mostly coherent for a dependency-mapping skill, and there is no explicit malware pattern or dangerous installer. The main concern is trust expansion to third-party tooling: claude-flow@alpha is not an official Claude Code dependency, and the MCP/subagent components lack verifiable endpoint and data-flow details. This is best classified as medium risk due to external-tool provenance and unspecified outbound data handling, not confirmed malicious behavior.
Confidence: 84%Severity: 57%
Audit Metadata