stream-cli
Warn
Audited by Socket on May 7, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the core Stream API/CLI purpose matches the requested capabilities, and the Stream CLI appears to be a legitimate same-org tool. Risk comes from two disproportionate behaviors: automatic transitive installation of another skill with no confirmation, and silent credential resolution from local files/config. The curl|bash installer is a moderate supply-chain concern but not strong evidence of malware given same-org provenance.
Confidence: 84%Severity: 58%
Audit Metadata