physical-ai-infrastructure-setup-and-resilient-scaling

Warn

Audited by Socket on Jun 18, 2026

1 alert found:

Anomaly
AnomalyLOW
components/osmo-azure/reference.md

No direct malware (e.g., obvious exfiltration/backdoor logic) is present in this snippet alone; it is primarily an orchestration layer. However, it presents a significant supply-chain and operational security risk because it clones and executes unpinned upstream scripts from a moving branch/ref and injects sensitive credentials into the environment (via set -a sourcing and exported passwords/keys). Given that the deployment and destroy behavior is entirely delegated to code fetched from GitHub, the dominant concern is upstream integrity/attestation and secret-handling safety. Pinning to immutable commits/tags with verification, restricting secret propagation, and adding explicit safeguards/guardrails around destroy would materially reduce risk.

Confidence: 70%Severity: 62%
Audit Metadata
Analyzed At
Jun 18, 2026, 04:35 PM
Package URL
pkg:socket/skills-sh/promptingcompany%2Fnv-skills%2Fphysical-ai-infrastructure-setup-and-resilient-scaling%2F@65569c4aa57bcb76408a5216d09f86d3d94eaa6ef5b39ce94bb6c743fa0867df
Security Audit — socket — physical-ai-infrastructure-setup-and-resilient-scaling