stacktree-publish

Warn

Audited by Socket on Jul 3, 2026

2 alerts found:

SecurityAnomaly
SecurityMEDIUM
skills/status-dashboard/SKILL.md
AnomalyLOW
skills/agent-run-report/SKILL.md

SUSPICIOUS: the overall purpose is coherent for a report-publishing skill, and the Stacktree domains appear official, but the skill routes content and credentials through an unseen local shell helper instead of the documented direct API/MCP path. Main risk is external publication of potentially sensitive report data plus opaque helper-script behavior, not clear malware.

Confidence: 84%Severity: 57%
Audit Metadata
Analyzed At
Jul 3, 2026, 10:16 AM
Package URL
pkg:socket/skills-sh/stevysmith%2Fstacktree-skill%2Fstacktree-publish%2F@dd8561974b9bcd5a942bf3c4064968078b699e28
Security Audit — socket — stacktree-publish