gco-2nd
Warn
Audited by Socket on Jun 25, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: The stated purpose is coherent with using GitHub Copilot CLI for a second opinion, and the primary external service is official GitHub infrastructure. Risk comes from broad bash permissions, opaque local wrapper scripts under $HOME/.claude, and unverifiable handling of workspace context/authentication inside those scripts; this is a moderate security-risk skill, not confirmed malware.
Confidence: 82%Severity: 57%
Audit Metadata