stream-cli

Warn

Audited by Socket on May 7, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the core Stream API/CLI purpose matches the requested capabilities, and the Stream CLI appears to be a legitimate same-org tool. Risk comes from two disproportionate behaviors: automatic transitive installation of another skill with no confirmation, and silent credential resolution from local files/config. The curl|bash installer is a moderate supply-chain concern but not strong evidence of malware given same-org provenance.

Confidence: 84%Severity: 58%
Audit Metadata
Analyzed At
May 7, 2026, 04:46 PM
Package URL
pkg:socket/skills-sh/GetStream%2Fagent-skills%2Fstream-cli%2F@cb6967a30bc4b45284992b37fe6bbd5c9396acc1
Security Audit — socket — stream-cli