jpmorgan-banker

Warn

Audited by Socket on Apr 18, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the core content is a benign finance persona, but the install pattern is not fully trustworthy because it instructs agents to load a remote skill from an unverifiable domain and to persist that instruction across agent configs. No credential harvesting, exfiltration, exploit logic, or binary execution is present, so this is better classified as medium security risk from transitive remote-skill installation rather than malware.

Confidence: 88%Severity: 64%
Audit Metadata
Analyzed At
Apr 18, 2026, 01:58 AM
Package URL
pkg:socket/skills-sh/theneoai%2Fawesome-skills%2Fjpmorgan-banker%2F@aa6351c350dfebecb9a1e5594b5b8d19236e267c
Security Audit — socket — jpmorgan-banker