tooluniverse-codex-plugin
Warn
Audited by Socket on Jun 16, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill is broadly coherent with its stated purpose, but it creates a notable supply-chain and transitive-trust footprint: official yet unpinned curl|sh installation of uv, Git marketplace plugin installation, automatic Git-based updates, and credential inheritance into a uvx-executed MCP server. No clear credential harvesting, covert behavior, or incompatible data-routing is shown, so this is not malicious, but the install and execution trust model is medium risk.
Confidence: 100%Severity: 60%
Audit Metadata