iblai-vibe-monetization-onboard

Warn

Audited by Socket on Jul 7, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill’s core Stripe Connect functionality is coherent with its stated purpose and sends credentials to first-party ibl.ai/Stripe endpoints, but it also expands trust with mutable install/update commands, raw GitHub downloads, MCP/tooling setup, and transitive skill execution. This looks more like a legitimate internal developer skill with medium supply-chain and trust-scope risk than credential-harvesting malware.

Confidence: 82%Severity: 57%
Audit Metadata
Analyzed At
Jul 7, 2026, 01:03 PM
Package URL
pkg:socket/skills-sh/iblai%2Fvibe%2Fiblai-vibe-monetization-onboard%2F@d9ba437ce0c06251f8e41dda34d80364ca7110c8d09ca12e8858de330e22adc9
Security Audit — socket — iblai-vibe-monetization-onboard