gsd-orchestrator

Warn

Audited by Socket on May 12, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill is internally coherent and uses an official-looking npm install path, so it is not clearly malicious. However, it grants an AI agent broad autonomous build execution through an opaque external CLI and can forward secrets into that subprocess, making the overall security risk medium.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
May 12, 2026, 01:57 PM
Package URL
pkg:socket/skills-sh/gsd-build%2Fgsd-2%2Fgsd-orchestrator%2F@5d002a2b7bd371649c7e3d9a26a0f9b39ef4eff2
Security Audit — socket — gsd-orchestrator