joyco-app

Warn

Audited by Socket on Jun 18, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill's capabilities mostly align with its stated purpose of bootstrapping a JOYCO app, but it relies on several remote installs and JOYCO-specific tooling/registry endpoints that are not independently verified in the provided evidence. This looks more like medium supply-chain and transitive-trust risk than confirmed malicious behavior.

Confidence: 78%Severity: 58%
Audit Metadata
Analyzed At
Jun 18, 2026, 01:40 AM
Package URL
pkg:socket/skills-sh/joyco-studio%2Fskills%2Fjoyco-app%2F@0c7ee72f11208696692734203dee0549e96da7e2563baac69500b544e87efadf
Security Audit — socket — joyco-app