cliproxy-deploy

Warn

Audited by Socket on Jun 19, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is coherent with its stated purpose and uses an official same-org source, so it is not malware-like; however, it asks the agent to deploy mutable upstream code, transfer high-value OAuth credential files to a remote VPS, and optionally expose those accounts via a public API port. The main concerns are supply-chain hygiene and the security impact of forwarding/storing provider auth on a server, not hidden exfiltration or deceptive behavior.

Confidence: 88%Severity: 64%
Audit Metadata
Analyzed At
Jun 19, 2026, 03:59 PM
Package URL
pkg:socket/skills-sh/majiayu000%2Fspellbook%2Fcliproxy-deploy%2F@37321026ce3a4f599345313e5e0fd163daefb1a215e002e7b861486726893df5
Security Audit — socket — cliproxy-deploy