slack-standup-digest

Warn

Audited by Socket on Jun 24, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s purpose is coherent, but it routes Slack-derived content and an API key through an OpenHands automation backend with a runtime-supplied host, and it can auto-post scheduled summaries without per-run approval. No clear malware or deceptive installer behavior is present, but cross-service data flow and autonomous posting make it a medium-risk skill.

Confidence: 83%Severity: 58%
Audit Metadata
Analyzed At
Jun 24, 2026, 08:21 AM
Package URL
pkg:socket/skills-sh/openhands%2Fskills%2Fslack-standup-digest%2F@1ec4510ab1f60be5d4935cb36e54ee966c44c6c55f11103ee878171ad6f80ea8
Security Audit — socket — slack-standup-digest