qmetry
Warn
Audited by Socket on Apr 2, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: The skill's capabilities, credentials, and API usage are mostly aligned with QMetry test management, and data flows point to the official QMetry Cloud service. The main concern is install and trust: it depends on a third-party orbit CLI distributed via custom channels including a raw GitHub curl|sh installer, and that CLI receives the QMetry API key. This is a coherent but elevated-trust integration rather than confirmed malicious behavior.
Confidence: 82%Severity: 58%
Audit Metadata