cliproxy-deploy
Warn
Audited by Socket on Jun 19, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill is coherent with its stated purpose and uses an official same-org source, so it is not malware-like; however, it asks the agent to deploy mutable upstream code, transfer high-value OAuth credential files to a remote VPS, and optionally expose those accounts via a public API port. The main concerns are supply-chain hygiene and the security impact of forwarding/storing provider auth on a server, not hidden exfiltration or deceptive behavior.
Confidence: 88%Severity: 64%
Audit Metadata