github-project-management

Warn

Audited by Socket on Jun 14, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the GitHub management functionality is mostly aligned with the skill’s purpose, and `gh` usage is normal, but the skill delegates privileged project operations to third-party swarm packages executed via mutable `npx` commands from a different publisher. That creates medium supply-chain and delegated-access risk even without clear evidence of malware or explicit credential theft.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 14, 2026, 06:41 AM
Package URL
pkg:socket/skills-sh/frankxai%2Fclaude-skills-library%2Fgithub-project-management%2F@d69346e477fa465d8818bea4e25628019d29f69e98020bef8a4ce466cac8200c
Security Audit — socket — github-project-management