github-evidence-kit

Warn

Audited by Socket on May 31, 2026

1 alert found:

Anomaly
AnomalyLOW
tests/fixtures/gharchive_amazon_q_timeline_evidence.json

No actual code/module contents were provided, so source/sink/data-flow analysis is not possible. The surrounding metadata includes multiple high-suspicion supply-chain indicators (tampering claims involving packaging scripts and a backup/payload file, an IOC commit SHA, and a later revert attempt), but malicious behavior cannot be confirmed without inspecting the referenced file contents/diffs. Treat the dependency as requiring urgent verification of the specific build/packaging artifacts and master-line commits referenced by the IOCs.

Confidence: 40%Severity: 55%
Audit Metadata
Analyzed At
May 31, 2026, 12:33 AM
Package URL
pkg:socket/skills-sh/gadievron%2Fraptor%2Fgithub-evidence-kit%2F@e04bfa9107cb3e1be2d8d66480ff1fef604024e1
Security Audit — socket — github-evidence-kit