skillify

Warn

Audited by Socket on May 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core skillify workflow is plausible, but the actual footprint is much broader than its stated purpose: telemetry, artifact sync, repo routing injection, config changes, and git commits can all occur around a simple scrape-codification task. Same-org gstack provenance lowers malware confidence, but the scope and side effects are disproportionate enough to treat this as a medium-high risk skill.

Confidence: 84%Severity: 68%
Audit Metadata
Analyzed At
May 16, 2026, 06:26 PM
Package URL
pkg:socket/skills-sh/garrytan%2Fgstack%2Fskillify%2F@c2a5b8a887158f9c47127aa3cf65a83cc0221b23
Security Audit — socket — skillify