magi

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill's main behavior is coherent with its stated purpose, but it forwards user/project context to multiple external model providers, grants broader file permissions than needed, and adds transitive trust via a downstream skill. No clear malware or credential-harvesting pattern is present, but the external data-sharing and permission scope make it medium risk.

Confidence: 88%Severity: 58%
Audit Metadata
Analyzed At
Apr 22, 2026, 06:09 AM
Package URL
pkg:socket/skills-sh/vinta%2Fhal-9000%2Fmagi%2F@c2f8952b169156b993ca1b78a81641a1df95f556
Security Audit — socket — magi