stacktree-publish
Warn
Audited by Socket on Jul 3, 2026
2 alerts found:
SecurityAnomalySecurityskills/status-dashboard/SKILL.md
MEDIUMSecurityMEDIUM
skills/status-dashboard/SKILL.md
Anomalyskills/agent-run-report/SKILL.md
LOWAnomalyLOW
skills/agent-run-report/SKILL.md
SUSPICIOUS: the overall purpose is coherent for a report-publishing skill, and the Stacktree domains appear official, but the skill routes content and credentials through an unseen local shell helper instead of the documented direct API/MCP path. Main risk is external publication of potentially sensitive report data plus opaque helper-script behavior, not clear malware.
Confidence: 84%Severity: 57%
Audit Metadata