design
Audited by Socket on Apr 21, 2026
2 alerts found:
AnomalySecuritySUSPICIOUS: the visible `clarify` skill is purpose-aligned and benign on its face, but it mandates transitive execution of other skills, including a likely third-party `teach-impeccable` skill with ambiguous trust provenance. The main risk is not direct malicious behavior here, but delegated trust and potential footprint expansion beyond a simple UX-copy helper.
SUSPICIOUS. The core design purpose is coherent, but the skill unnecessarily expands trust by directing runtime installation of other skills, including a third-party design skill and a broad external skill collection. Its data flows are mostly proportional to design work, yet transitive skill installation and search-driven artifact creation materially raise supply-chain and prompt-injection risk.