mcp-app-dev-setup

Warn

Audited by Socket on Jun 17, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill’s capabilities largely fit its dev-setup purpose, and there is no clear exfiltration or stealth behavior. Risk comes from cloning and executing an unpinned, not-publicly-verifiable Forge repo and then using real cluster credentials with that code; this is a medium supply-chain and credential-forwarding concern, not confirmed malware.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 17, 2026, 11:20 AM
Package URL
pkg:socket/skills-sh/elastic%2Fexample-mcp-app-observability%2Fmcp-app-dev-setup%2F@b512b76dd7e80c181d9879922966d34983ea60b2a83475f5a29f5e55a72b380b
Security Audit — socket — mcp-app-dev-setup