oracle
Warn
Audited by Socket on Jul 4, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill is mostly coherent with its stated purpose and uses verifiable same-publisher distribution, but it has a meaningful risk footprint because it executes a fetched npm CLI, forwards API credentials to that CLI, and transmits local repo content to external model/browser services. Browser profile reuse and remote-host support further expand trust boundaries. This looks like a legitimate but high-trust integration rather than confirmed malware.
Confidence: 89%Severity: 56%
Audit Metadata