nexus-vote
Warn
Audited by Socket on May 30, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS rather than malicious. The skill's behavior is coherent with its stated purpose and its GitHub data flow is official and proportionate, but it depends on an unverifiable `probe` CLI that performs reads and a write on the user's behalf. That unverifiable binary requirement materially raises supply-chain and trust risk even though no clear credential theft or deceptive exfiltration is shown.
Confidence: 86%Severity: 78%
Audit Metadata