ship-playbook

Warn

Audited by Socket on Jul 6, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s core behavior matches its stated delivery-orchestration purpose, and there is no clear credential theft or exfiltration path. Risk comes from broad agent/Bash/Workflow execution plus explicit installation of additional skills and agents through third-party CLIs, creating a transitive trust and supply-chain footprint larger than a simple workflow wrapper.

Confidence: 86%Severity: 68%
Audit Metadata
Analyzed At
Jul 6, 2026, 03:16 AM
Package URL
pkg:socket/skills-sh/ulpi-io%2Fskills%2Fship-playbook%2F@322363477c76deed0dd5f2e86fd9724eefd45d565ff5f0fc160fcfaa232f4844
Security Audit — socket — ship-playbook