iblai-vibe-ops-init

Warn

Audited by Socket on Jul 7, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core bootstrap behavior is mostly coherent and uses an official iblai GitHub source, but the skill expands trust by installing another skill transitively and stores sensitive tokens locally. Main risk is transitive skill installation plus mutable GitHub-based scaffolding, not confirmed malware or overt exfiltration.

Confidence: 88%Severity: 68%
Audit Metadata
Analyzed At
Jul 7, 2026, 01:03 PM
Package URL
pkg:socket/skills-sh/iblai%2Fvibe%2Fiblai-vibe-ops-init%2F@cc7eabfe6269693959b34f65e89e76314b1d14e2b7325575704b2890700ff2c4
Security Audit — socket — iblai-vibe-ops-init