iblai-cli-maintenance

Warn

Audited by Socket on Jun 15, 2026

1 alert found:

Anomaly
AnomalyLOW
references/iblai-cli-add-command.md

Based on the provided fragment, the CLI appears to be a Next.js integration/scaffolding tool that performs high-impact but conventional actions: generate feature files from templates, install dependencies, and patch `next.config.*`, `globals.css`, `.env.local`, and Redux store wiring. There is no direct evidence of malicious behavior (no revealed obfuscation, exfiltration, or backdoor mechanisms) in the excerpt; the dominant risk is supply-chain and host-integrity concerns: dependency installation and automated injection/patching into sensitive configuration files. Final assurance requires inspecting the actual templates and patcher/installer implementations for unsafe telemetry/network behavior, secret handling, and dependency version pinning/integrity practices.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 15, 2026, 03:47 PM
Package URL
pkg:socket/skills-sh/iblai%2Fvibe%2Fiblai-cli-maintenance%2F@16749043c35ab5e473ce92d73f09be483e49008e6bec0fc256ac8f839ab20255
Security Audit — socket — iblai-cli-maintenance