github-code-review

Warn

Audited by Socket on May 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The core capability is coherent for a GitHub code review skill and data flows stay on official GitHub channels, so this is not overtly malicious. However, it reads plaintext credential files, trusts a transitive local auth script, and enables impactful autonomous PR actions while encouraging checkout and execution against untrusted PR content; these make it medium risk.

Confidence: 89%Severity: 61%
Audit Metadata
Analyzed At
May 16, 2026, 01:47 PM
Package URL
pkg:socket/skills-sh/NousResearch%2Fhermes-agent%2Fgithub-code-review%2F@38befea467e58575bb6748fa66b5db6b89b07a2b
Security Audit — socket — github-code-review