dispo

Warn

Audited by Socket on May 17, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill’s purpose and runtime behavior are coherent for domain lookup, and it does not request credentials or excessive access. The main issue is install trust: it directs the agent to globally install an unpinned CLI from a personal GitHub repo instead of the project’s documented package distribution path, creating a significant supply-chain risk even without clear malicious behavior.

Confidence: 90%Severity: 72%
Audit Metadata
Analyzed At
May 17, 2026, 12:53 PM
Package URL
pkg:socket/skills-sh/Rasaboun%2Fdispo%2Fdispo%2F@cbc7e9dc9441ed3c507d588c270a2c61c0bdf08a
Security Audit — socket — dispo