design

Warn

Audited by Socket on Apr 21, 2026

2 alerts found:

AnomalySecurity
AnomalyLOW
commands/clarify/SKILL.md

SUSPICIOUS: the visible `clarify` skill is purpose-aligned and benign on its face, but it mandates transitive execution of other skills, including a likely third-party `teach-impeccable` skill with ambiguous trust provenance. The main risk is not direct malicious behavior here, but delegated trust and potential footprint expansion beyond a simple UX-copy helper.

Confidence: 89%Severity: 63%
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The core design purpose is coherent, but the skill unnecessarily expands trust by directing runtime installation of other skills, including a third-party design skill and a broad external skill collection. Its data flows are mostly proportional to design work, yet transitive skill installation and search-driven artifact creation materially raise supply-chain and prompt-injection risk.

Confidence: 84%Severity: 74%
Audit Metadata
Analyzed At
Apr 21, 2026, 03:05 AM
Package URL
pkg:socket/skills-sh/rebyteai%2Frebyte-skills%2Fdesign%2F@82123e6dfed59a75df4b6d5ddd85371de1fc2cc4
Security Audit — socket — design