ucp-ap2-mandates

Warn

Audited by Socket on Mar 19, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill is coherent with its stated purpose, but that purpose is intrinsically high-impact: enabling autonomous payment authorization. The main security concern is the combination of live external content fetching with Bash/write access, which creates prompt-injection risk during implementation, plus the financial autonomy implications. No clear credential harvesting, malware behavior, or suspicious installer path was found.

Confidence: 89%Severity: 74%
Audit Metadata
Analyzed At
Mar 19, 2026, 07:33 AM
Package URL
pkg:socket/skills-sh/OrcaQubits%2Fagentic-commerce-claude-plugins%2Fucp-ap2-mandates%2F@319f502ad05813025e9cba8f8ee163ccf018a5ef
Security Audit — socket — ucp-ap2-mandates