attacking-oauth-with-device-code-phishing

Fail

Audited by Socket on Jun 22, 2026

2 alerts found:

Malwarex2
MalwareHIGH
SKILL.md

This skill is not a normal admin or developer integration; it is an offensive phishing/token-theft capability for AI agents. Its purpose, data flows, and credential handling are coherent with attack operations but make it high risk and inappropriate for general agent deployment. Treat as suspicious/high-risk offensive security content rather than benign documentation.

Confidence: 97%Severity: 96%
MalwareHIGH
references/api-reference.md

High-risk instructional content for OAuth device-code/consent phishing and refresh-token abuse against Microsoft Entra ID, including guidance that enables authenticated access to Graph/Outlook/Teams/ARM and potential mailbox/tenant enumeration via offensive tooling. While the snippet contains no executable code, its explicit phishing framing and end-to-end token acquisition/persistence/data-access workflow make it strongly suspicious for malicious or abusive supply-chain intent.

Confidence: 72%Severity: 85%
Audit Metadata
Analyzed At
Jun 22, 2026, 10:13 PM
Package URL
pkg:socket/skills-sh/mukul975%2FAnthropic-Cybersecurity-Skills%2Fattacking-oauth-with-device-code-phishing%2F@df1719069e2f423d48b3609d9e0190877bc4d298de500f5bd71eab115d6fc531
Security Audit — socket — attacking-oauth-with-device-code-phishing