qmetry

Warn

Audited by Socket on Apr 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill's capabilities, credentials, and API usage are mostly aligned with QMetry test management, and data flows point to the official QMetry Cloud service. The main concern is install and trust: it depends on a third-party orbit CLI distributed via custom channels including a raw GitHub curl|sh installer, and that CLI receives the QMetry API key. This is a coherent but elevated-trust integration rather than confirmed malicious behavior.

Confidence: 82%Severity: 58%
Audit Metadata
Analyzed At
Apr 2, 2026, 07:11 PM
Package URL
pkg:socket/skills-sh/jorgemuza%2Forbit%2Fqmetry%2F@a818b6881b7a6c4e7a7f300db6152f4a8af91356
Security Audit — socket — qmetry