talent-sourcing

Warn

Audited by Socket on May 15, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill’s core behavior matches talent sourcing and the Nimble dependency appears same-org and officially documented, so there is no strong sign of malware or credential theft. Risk comes from broad agent permissions, bypassPermissions sub-agents, external CLI/API dependency, and processing untrusted web content with write/exec capability; the unspecified distribution step adds uncertainty.

Confidence: 86%Severity: 56%
Audit Metadata
Analyzed At
May 15, 2026, 12:55 PM
Package URL
pkg:socket/skills-sh/nimbleway%2Fagent-skills%2Ftalent-sourcing%2F@aac50fb6c68589e0c04fa4a3b7280b35f6fc30a1
Security Audit — socket — talent-sourcing