github-code-review
Warn
Audited by Socket on May 16, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: The core capability is coherent for a GitHub code review skill and data flows stay on official GitHub channels, so this is not overtly malicious. However, it reads plaintext credential files, trusts a transitive local auth script, and enables impactful autonomous PR actions while encouraging checkout and execution against untrusted PR content; these make it medium risk.
Confidence: 89%Severity: 61%
Audit Metadata