vibekanban
Warn
Audited by Socket on May 19, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
The skill is coherent with its stated purpose as an AI coding orchestrator, and its install path appears to come from the same project ecosystem rather than an unrelated third party. The main risk is not hidden malware but the explicitly broad execution model: agents run autonomously with permission checks skipped, can execute project scripts, manipulate repos, and may access copied secret-bearing files such as .env. Overall this looks purpose-aligned but high-impact if misused, so it is best classified as a vulnerable/high-risk automation skill rather than confirmed malicious.
Confidence: 88%Severity: 68%
Audit Metadata