when-orchestrating-swarm-use-swarm-orchestration

Warn

Audited by Socket on Jun 26, 2026

1 alert found:

Anomaly
AnomalyLOW
PROCESS.md

No direct malicious behavior is evident in the Bash wrapper itself (no explicit exfiltration, credential access, eval/dynamic code execution, or destructive actions). However, the script repeatedly executes an unpinned npm package reference via `npx` and uses its outputs to drive further actions, making supply-chain integrity and runtime behavior the main security concern. Pin and verify the exact `claude-flow` version (and lockfile/dependency tree), and review/monitor network and file behaviors of the underlying CLI—especially during orchestration, results collection, synthesis, and report generation.

Confidence: 60%Severity: 60%
Audit Metadata
Analyzed At
Jun 26, 2026, 03:23 AM
Package URL
pkg:socket/skills-sh/DNYoussef%2Fai-chrome-extension%2Fwhen-orchestrating-swarm-use-swarm-orchestration%2F@1df587f7d04371a3ae10b0e437315ebf88ab47440a2f937103ff1516eeba5984
Security Audit — socket — when-orchestrating-swarm-use-swarm-orchestration