pokemon-player

Warn

Audited by Socket on May 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core emulator/gameplay behavior matches the stated purpose, and the main code source appears to be the publisher's own GitHub org. The main risk is the skill's instruction to expose the local dashboard via a third-party localhost.run tunnel, creating unnecessary external data flow and public access for a local game service. Supply-chain risk is moderate due to mutable GitHub clone/editable install rather than pinned releases, but there is no strong evidence of credential theft or malware.

Confidence: 89%Severity: 58%
Audit Metadata
Analyzed At
May 16, 2026, 01:48 PM
Package URL
pkg:socket/skills-sh/NousResearch%2Fhermes-agent%2Fpokemon-player%2F@b9cf31742a6470cb2ff7260d401fe62b124def2c
Security Audit — socket — pokemon-player