moshi-best-practices

Warn

Audited by Socket on May 15, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

The skill is mostly purpose-aligned and behaves like a legitimate host-setup guide for Moshi, tmux, and agent hooks. The main risk is install and credential trust: it asks the agent to install an external hook daemon/CLI and pass it a pairing token, with optional non-Keychain secret storage and ongoing network connectivity. That is suspicious enough for medium security risk without clear evidence of malicious intent.

Confidence: 78%Severity: 55%
Audit Metadata
Analyzed At
May 15, 2026, 09:53 AM
Package URL
pkg:socket/skills-sh/rjyo%2Fmoshi-skill%2Fmoshi-best-practices%2F@a48151ac60b4970bf15f09f52c401186f418ff27
Security Audit — socket — moshi-best-practices