repo-hunter

Warn

Audited by Socket on Apr 16, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the stated purpose is coherent, but the skill's actual footprint is too broad and weakly constrained. Its main behavior is discovering arbitrary third-party repos, then installing and executing tools—sometimes by direct download—based on untrusted GitHub content, with no integrity requirements or publisher restrictions. This is a substantial supply-chain and prompt-injection risk, though not confirmed malware.

Confidence: 89%Severity: 83%
Audit Metadata
Analyzed At
Apr 16, 2026, 05:43 PM
Package URL
pkg:socket/skills-sh/rebyteai%2Frebyte-skills%2Frepo-hunter%2F@c9b310ebd65a71f281f2592b95d0b649238cd8d1
Security Audit — socket — repo-hunter