testing-for-broken-access-control

Warn

Audited by Socket on Apr 7, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill is internally consistent for authorized penetration testing, with mostly legitimate tooling and no clear exfiltration endpoint, so it is not confirmed malware. However, it gives an AI agent high-risk offensive security capability, uses sensitive live auth tokens across tools/extensions, and can perform impactful authenticated actions against real targets if scope and approval are not tightly controlled.

Confidence: 91%Severity: 84%
Audit Metadata
Analyzed At
Apr 7, 2026, 12:41 AM
Package URL
pkg:socket/skills-sh/mukul975%2FAnthropic-Cybersecurity-Skills%2Ftesting-for-broken-access-control%2F@31bc5a54af1a0c0386e93c4ee34994a7b5772e0d
Security Audit — socket — testing-for-broken-access-control