sales-kwatch
Warn
Audited by Socket on Jun 14, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The core skill is mostly a benign documentation/helper skill for KWatch, but it includes two meaningful risk signals: transitive installation of another skill via unpinned `npx skills add`, and explicit use of webhook.site, a known request-capture endpoint, for webhook testing. These do not make the skill malicious, but they create medium security risk and weaken data-flow integrity relative to the stated support purpose.
Confidence: 100%Severity: 60%
Audit Metadata