vibekanban

Warn

Audited by Socket on May 19, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

The skill is coherent with its stated purpose as an AI coding orchestrator, and its install path appears to come from the same project ecosystem rather than an unrelated third party. The main risk is not hidden malware but the explicitly broad execution model: agents run autonomously with permission checks skipped, can execute project scripts, manipulate repos, and may access copied secret-bearing files such as .env. Overall this looks purpose-aligned but high-impact if misused, so it is best classified as a vulnerable/high-risk automation skill rather than confirmed malicious.

Confidence: 88%Severity: 68%
Audit Metadata
Analyzed At
May 19, 2026, 06:39 AM
Package URL
pkg:socket/skills-sh/itechmeat%2Fllm-code%2Fvibekanban%2F@764b8a211018337ce518e44727fb1498eeb6cf88
Security Audit — socket — vibekanban