iros-registry-automation
Warn
Audited by Socket on May 17, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the stated purpose is coherent and the manual-login/manual-payment limits are appropriate, but the skill’s core automation depends on cloning and executing an unverifiable personal GitHub repository for sensitive document handling. Data flows appear aligned with IROS and local storage rather than overt exfiltration, so this is better classified as high supply-chain/security risk than confirmed malware.
Confidence: 87%Severity: 78%
Audit Metadata