iblai-vibe-cli-maintenance

Warn

Audited by Socket on Jul 7, 2026

1 alert found:

Anomaly
AnomalyLOW
references/iblai-vibe-cli-add-command.md

Based on the provided fragment, the CLI appears to be a Next.js integration/scaffolding tool that performs high-impact but conventional actions: generate feature files from templates, install dependencies, and patch `next.config.*`, `globals.css`, `.env.local`, and Redux store wiring. There is no direct evidence of malicious behavior (no revealed obfuscation, exfiltration, or backdoor mechanisms) in the excerpt; the dominant risk is supply-chain and host-integrity concerns: dependency installation and automated injection/patching into sensitive configuration files. Final assurance requires inspecting the actual templates and patcher/installer implementations for unsafe telemetry/network behavior, secret handling, and dependency version pinning/integrity practices.

Confidence: 42%Severity: 60%
Audit Metadata
Analyzed At
Jul 7, 2026, 01:02 PM
Package URL
pkg:socket/skills-sh/iblai%2Fvibe%2Fiblai-vibe-cli-maintenance%2F@fac1d6402e7511f1d1c6885c13ccbfa3943ee20d186b60f7ac9f3a3cf66f7d1b
Security Audit — socket — iblai-vibe-cli-maintenance