joyco-app
Warn
Audited by Socket on Jun 18, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: The skill's capabilities mostly align with its stated purpose of bootstrapping a JOYCO app, but it relies on several remote installs and JOYCO-specific tooling/registry endpoints that are not independently verified in the provided evidence. This looks more like medium supply-chain and transitive-trust risk than confirmed malicious behavior.
Confidence: 78%Severity: 58%
Audit Metadata