firmware-review
Audited by Socket on Feb 16, 2026
1 alert found:
Obfuscated File

The manifest documents a legitimate, focused code-review skill for safety-critical rover firmware. It prescribes appropriate checks and describes expected good/bad patterns. The primary risk is operational: executing recommended build/test/deploy commands can run arbitrary repository code (tests/build scripts/deploy scripts) and may leak secrets or perform remote actions if run unsandboxed. The manifest itself contains no direct malicious code, but reviewers must treat running repository code as untrusted and use sandboxing, pre-scan scripts for secrets/suspicious patterns, and inspect deploy scripts before execution.

Verdict: functional/benign as documentation, operationally moderate risk if commands are executed without isolation.