drive-tick

Warn

Audited by Socket on May 16, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the skill’s capabilities mostly fit its stated purpose as an autonomous drive-loop tick, but its footprint is high-risk because it processes untrusted PR/inbox content while retaining authority to edit code, push commits, post replies, and recursively continue work via delegated internal skills. No clear malware or external credential-harvesting path is present in this fragment, and no remote installer is specified.

Confidence: 89%Severity: 74%
Audit Metadata
Analyzed At
May 16, 2026, 07:38 AM
Package URL
pkg:socket/skills-sh/doodledood%2Fclaude-code-plugins%2Fdrive-tick%2F@c80eec5badde68eb77651a2b81fee7fccb6ff9cf
Security Audit — socket — drive-tick