iblai-vibe-agent-sandbox

Warn

Audited by Socket on Jul 7, 2026

3 alerts found:

Anomalyx3
AnomalyLOW
SKILL.md

SUSPICIOUS. The core capability matches the stated purpose and the main SDK/install sources appear same-org and legitimate, so this is not malware-like. However, the skill expands trust through transitive skill usage and unpinned download/execute patterns, making it a medium-risk developer workflow rather than a cleanly self-contained benign skill.

Confidence: 85%Severity: 56%
AnomalyLOW
assets/nemoclaw/.nemoclaw-preload.js

This module is primarily a sandbox/security bootstrap that dynamically requires guard modules from an environment-influenced directory and uses logging plus a fail-closed exit when critical guards fail to load. No direct malicious behaviors (exfiltration, reverse shell, or cryptomining) are evident in the fragment itself, but the dynamic require-from-GUARD_DIR approach is high-impact: without integrity verification and with GUARD_DIR defaulting to '/tmp', an attacker who can tamper with the directory or environment can potentially achieve arbitrary code execution. Security risk therefore hinges on strict control of GUARD_DIR and the guard files’ integrity/permissions.

Confidence: 63%Severity: 68%
AnomalyLOW
assets/nemoclaw/bashrc-snippet.sh

This snippet is a sandbox wrapper that logs command stdout/stderr to disk and forces Node processes to preload /sandbox/.nemoclaw-preload.js via NODE_OPTIONS. It does not itself contain explicit malware behaviors (no network/exfiltration/credential theft visible), but it introduces high-impact control points: eval-based dynamic command execution and a broad, session-wide Node preload mechanism whose safety depends entirely on the external preload module. Additionally, persistent logging can capture sensitive output at rest. Overall, security risk is moderate-to-high and should be reviewed with the preload module and the command-input control/sanitization strategy.

Confidence: 62%Severity: 56%
Audit Metadata
Analyzed At
Jul 7, 2026, 01:03 PM
Package URL
pkg:socket/skills-sh/iblai%2Fvibe%2Fiblai-vibe-agent-sandbox%2F@b68b31b44c124878a9699931a1996b1707920323bc0dd6b624fc6ccc43fa2a54
Security Audit — socket — iblai-vibe-agent-sandbox