auto

Warn

Audited by Socket on May 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s stated purpose matches its behavior, but it deliberately removes approval gates and enables autonomous execution and PR follow-up based on inferred context. There is no direct evidence of malware, credential theft, or remote payload execution in this snippet, yet the autonomy and transitive trust in other manifest-dev skills create meaningful operational risk.

Confidence: 84%Severity: 72%
Audit Metadata
Analyzed At
May 16, 2026, 07:38 AM
Package URL
pkg:socket/skills-sh/doodledood%2Fclaude-code-plugins%2Fauto%2F@a0b12f93bbb50fd2366c9053640ae3750dbed68f
Security Audit — socket — auto