skills/squirrelsoft-dev/agent-skills/brownfield/Socket

brownfield

Warn

Audited by Socket on Apr 17, 2026

1 alert found:

Anomaly

Anomalyscripts/generate-settings.sh

LOW

AnomalyLOW

scripts/generate-settings.sh

This script is a configuration generator rather than a direct malware payload. It meaningfully increases execution capability by defining multiple lifecycle hooks that will run bash scripts from a project-controlled hooks directory and by allowing broad package-manager command patterns based on PKG_MANAGER. The overall security risk hinges on the integrity and provenance of the referenced .claude/hooks/*.sh scripts and on whether PROJECT_DIR and CLAUDE_PROJECT_DIR are trustworthy at runtime.

Confidence: 67%Severity: 57%

Audit Metadata

Analyzed At

Apr 17, 2026, 02:33 AM

Package URL

pkg:socket/skills-sh/squirrelsoft-dev%2Fagent-skills%2Fbrownfield%2F@07f314bc1787ce7ae053b98f3df0604a09f83df0