sync-manifest-dev

Warn

Audited by Socket on May 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill’s behavior matches its stated purpose, and its file access/deletion rules are relatively well-scoped, so it is not fundamentally deceptive. The main risk is supply-chain trust: it pulls mutable plugin content from a personal GitHub repo and installs that content into .claude/ without pinning or verification, creating a medium-risk transitive trust chain rather than clear malware.

Confidence: 88%Severity: 56%
Audit Metadata
Analyzed At
May 16, 2026, 07:38 AM
Package URL
pkg:socket/skills-sh/doodledood%2Fclaude-code-plugins%2Fsync-manifest-dev%2F@e795706e1b89b3a7714ad73c766d1a813817344d
Security Audit — socket — sync-manifest-dev