agent-desktop
Warn
Audited by Socket on Jun 13, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
The skill’s desktop-control capabilities match its stated purpose, so it is not fundamentally deceptive. The main concern is install trust: a same-publisher bridge is used to fetch/delegate to a separately published upstream CLI, with latest-version defaults and a transitive tool installation step. That makes this better classified as suspicious/high-vulnerability supply-chain risk rather than confirmed malware.
Confidence: 100%Severity: 60%
Audit Metadata