todo
Audited by Socket on Feb 20, 2026
1 alert found:
Malware
[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill appears functionally coherent and aligned with its stated purpose (task pickup, gather context, mark in-progress, brief). It legitimately reads a local task file and contacts official provider endpoints (Atlassian, GitHub, Slack via MCP) to gather context. Primary risks are operational: (1) required Jira credentials are used in curl basic-auth to download attachments — ensure credentials are provided securely and not logged; (2) MCP connectors will route data through their configured infrastructure and should be trusted/audited; (3) the skill reads and writes local files in ~/.claude which should be protected by filesystem permissions. No clear malicious code or obfuscation is present in the provided document. Recommend review/audit of MCP endpoints and safeguarding of env vars before use.

LLM verification: The skill’s described capabilities are broadly coherent with its stated purpose of selecting and briefing on today’s tasks and gathering Jira/Confluence/Slack/PR context. Data flows and sinks are consistent with a legitimate task-management integration.
The main concerns are security-conscious handling of credentials, ensuring only authorized systems access data, and avoiding execution or exposure of sensitive commands in user-facing documentation. Given these, the analysis verdict is BENIGN wit