qodo-pr-resolver
Warn
Audited by Socket on May 15, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: The stated purpose matches PR review remediation, but the skill gives untrusted Qodo review content direct control over code changes and enables batch repository actions including commits, PR comments, PR creation, and pushes. No clear malicious exfiltration or rogue installer is shown, yet the external-content-to-edit/action path makes this a high-risk automation skill.
Confidence: 89%Severity: 72%
Audit Metadata