magi
Warn
Audited by Socket on Apr 22, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill's main behavior is coherent with its stated purpose, but it forwards user/project context to multiple external model providers, grants broader file permissions than needed, and adds transitive trust via a downstream skill. No clear malware or credential-harvesting pattern is present, but the external data-sharing and permission scope make it medium risk.
Confidence: 88%Severity: 58%
Audit Metadata