iros-registry-automation

Warn

Audited by Socket on May 17, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the stated purpose is coherent and the manual-login/manual-payment limits are appropriate, but the skill’s core automation depends on cloning and executing an unverifiable personal GitHub repository for sensitive document handling. Data flows appear aligned with IROS and local storage rather than overt exfiltration, so this is better classified as high supply-chain/security risk than confirmed malware.

Confidence: 87%Severity: 78%
Audit Metadata
Analyzed At
May 17, 2026, 08:12 PM
Package URL
pkg:socket/skills-sh/modu-ai%2Fcowork-plugins%2Firos-registry-automation%2F@9cef25601a500d2ccb43cda6cafbf609d26c7ffd
Security Audit — socket — iros-registry-automation