coding-agent

Warn

Audited by Socket on Jun 23, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

The skill is coherent with its stated purpose of orchestrating coding-agent CLIs, and the verified install paths for Claude Code and Codex are official and proportionate. The main risk is not hidden exfiltration but high-autonomy execution: it instructs agents to run with permission-bypass modes, modify code, review untrusted PR content, and even push branches or create/comment on PRs. Overall this looks legitimate but high-impact, so it is best classified as suspicious/high-risk operationally rather than malicious.

Confidence: 88%Severity: 68%
Audit Metadata
Analyzed At
Jun 23, 2026, 06:06 AM
Package URL
pkg:socket/skills-sh/storyclaw-official%2Fstoryclaw-assistant%2Fcoding-agent%2F@dcd7114e2492b3515e576905c80efac622a4dec64e7accb228d1156ea2b7fb4e
Security Audit — socket — coding-agent