eightctl

Warn

Audited by Socket on Jun 23, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is purpose-aligned, but it depends on a third-party unofficial CLI from a personal GitHub repo, forwards real account credentials to that tool, and enables real-world device actions. This looks more like a high-impact unofficial integration than malware, but the trust model and mutable install path make it risky.

Confidence: 85%Severity: 64%
Audit Metadata
Analyzed At
Jun 23, 2026, 06:06 AM
Package URL
pkg:socket/skills-sh/storyclaw-official%2Fstoryclaw-assistant%2Feightctl%2F@c67181f08d4fdbe93bcf47df5602726eaa3731ba1b33c432cf64d1095dcf965c
Security Audit — socket — eightctl