skills/alfredoperez/angular-best-practices/angular-best-practices-ngrx/Socket

angular-best-practices-ngrx

Warn

Audited by Socket on Mar 2, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

The skill manifest is mostly coherent with its stated purpose (providing NgRx best practices guidance and facilitating installation of an add-on skill). The primary security concern is the remote install flow (npx skills add ... from an external domain), which introduces supply-chain risk and warrants controls (verifiable sources, signatures, version pinning). No credential handling, data exfiltration, or malicious behavior is evident in the fragment itself. Overall assessment: BENIGN with SUPPLY-CHAIN RISK (suspicious/medium risk) due to external installation dependency.

Confidence: 70%Severity: 65%

Audit Metadata

Analyzed At

Mar 2, 2026, 03:54 PM

Package URL

pkg:socket/skills-sh/alfredoperez%2Fangular-best-practices%2Fangular-best-practices-ngrx%2F@55543a1dff8e3a7b33f85a726f512b10fb95846b