recoup-setup
Warn
Audited by Socket on May 18, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the core Recoup API flow is broadly consistent with onboarding, but the skill reaches into hidden/session prompt context for email discovery, persists a powerful API key locally, modifies Claude memory to redirect many future tasks, and depends on transitive plugin/skill trust. Data flows mostly match the stated service, so this is not confirmed malware, but its scope and prompt-access behavior are broader than a minimal setup skill.
Confidence: 84%Severity: 63%
Audit Metadata