skill-installer

Warn

Audited by Socket on Apr 16, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the GitHub-side behavior is broadly consistent with the stated purpose, but the skill's primary function is transitive installation of third-party skills, which materially expands trust. Use of a third-party marketplace is proportionate for discovery but adds external data-flow risk, and the unseen script leaves token handling and exact install behavior unverifiable.

Confidence: 84%Severity: 74%
Audit Metadata
Analyzed At
Apr 16, 2026, 05:41 PM
Package URL
pkg:socket/skills-sh/rebyteai%2Frebyte-skills%2Fskill-installer%2F@3e06155bc5758e7e5e4d35a5ee7a12678da1aeee
Security Audit — socket — skill-installer