agent-desktop

Warn

Audited by Socket on Jun 13, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

The skill’s desktop-control capabilities match its stated purpose, so it is not fundamentally deceptive. The main concern is install trust: a same-publisher bridge is used to fetch/delegate to a separately published upstream CLI, with latest-version defaults and a transitive tool installation step. That makes this better classified as suspicious/high-vulnerability supply-chain risk rather than confirmed malware.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 13, 2026, 05:18 AM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fagent-desktop%2F@c61d6fbfe13e733f94039e01b93f683438bd4c68820adac41e3b22d1e0de1df8
Security Audit — socket — agent-desktop