dispo
Warn
Audited by Socket on May 17, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The skill’s purpose and runtime behavior are coherent for domain lookup, and it does not request credentials or excessive access. The main issue is install trust: it directs the agent to globally install an unpinned CLI from a personal GitHub repo instead of the project’s documented package distribution path, creating a significant supply-chain risk even without clear malicious behavior.
Confidence: 90%Severity: 72%
Audit Metadata