repo-hunter
Warn
Audited by Socket on Apr 16, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the stated purpose is coherent, but the skill's actual footprint is too broad and weakly constrained. Its main behavior is discovering arbitrary third-party repos, then installing and executing tools—sometimes by direct download—based on untrusted GitHub content, with no integrity requirements or publisher restrictions. This is a substantial supply-chain and prompt-injection risk, though not confirmed malware.
Confidence: 89%Severity: 83%
Audit Metadata