devtu-self-evolve
Warn
Audited by Socket on May 29, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: The skill’s core capabilities mostly match its stated purpose as a self-evolution orchestrator, and the named GitHub tooling is from official sources. The main risk is disproportionate trust expansion: it dispatches to multiple other skills, processes broad agent-generated content, and can then modify code and push PRs, creating a medium-high transitive and autonomy risk even without clear evidence of malware or credential theft.
Confidence: 89%Severity: 71%
Audit Metadata