contributor

Warn

Audited by Socket on Jun 19, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

Mostly purpose-aligned and uses official GitHub tooling, but it is a medium/high-risk automation skill because it processes untrusted GitHub content while retaining write/exec capability and can publicly act on the user's behalf by commenting, pushing, and opening PRs. Suspicious rather than malicious.

Confidence: 90%Severity: 62%
Audit Metadata
Analyzed At
Jun 19, 2026, 03:59 PM
Package URL
pkg:socket/skills-sh/majiayu000%2Fspellbook%2Fcontributor%2F@777e36a084be84e48f381d9047581d73bffca67a3298ac5a3a425dd800b8133b
Security Audit — socket — contributor