nexus-proposal-scout
Warn
Audited by Socket on May 30, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
Purpose and capabilities are mostly aligned: it reads org policy, checks backlog, drafts one proposal, submits it, and posts a short notice. The main risk is trust in the unverifiable `probe` CLI plus autonomous write actions through that backend; GitHub usage appears normal and same-purpose. Overall this is suspicious/high-risk from a supply-chain and agent-action perspective, but not confirmed malware.
Confidence: 84%Severity: 78%
Audit Metadata