pokemon-player
Warn
Audited by Socket on May 16, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The core emulator/gameplay behavior matches the stated purpose, and the main code source appears to be the publisher's own GitHub org. The main risk is the skill's instruction to expose the local dashboard via a third-party localhost.run tunnel, creating unnecessary external data flow and public access for a local game service. Supply-chain risk is moderate due to mutable GitHub clone/editable install rather than pinned releases, but there is no strong evidence of credential theft or malware.
Confidence: 89%Severity: 58%
Audit Metadata