spec-driven-planning

Warn

Audited by Socket on May 19, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The core behavior is mostly coherent for a planning skill—local file creation, requirements capture, and design drafting are proportional to purpose. Risk rises because it combines untrusted external research with write/bash tools and delegates to other unverified skills, while distribution trust relies on a third-party Playbooks `npx` path rather than a same-org official channel. No direct credential harvesting, exfiltration endpoint, dangerous pre-execution directive, or malicious payload is evident in the provided skill.

Confidence: 84%Severity: 56%
Audit Metadata
Analyzed At
May 19, 2026, 05:48 PM
Package URL
pkg:socket/skills-sh/xbklairith%2Fkisune%2Fspec-driven-planning%2F@c05ed1b4ad820102073e103be170c676a8bacfde
Security Audit — socket — spec-driven-planning