qodo-pr-resolver

Warn

Audited by Socket on May 15, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: The stated purpose matches PR review remediation, but the skill gives untrusted Qodo review content direct control over code changes and enables batch repository actions including commits, PR comments, PR creation, and pushes. No clear malicious exfiltration or rogue installer is shown, yet the external-content-to-edit/action path makes this a high-risk automation skill.

Confidence: 89%Severity: 72%
Audit Metadata
Analyzed At
May 15, 2026, 11:44 AM
Package URL
pkg:socket/skills-sh/qodo-ai%2Fqodo-skills%2Fqodo-pr-resolver%2F@22a2642296a05d4eb26a19cee2ce532561279b73
Security Audit — socket — qodo-pr-resolver