Skills
skills/l3digital-net/claude-code-plugins/dependency-audit/Socket

dependency-audit

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill’s purpose is coherent and permissions are mostly proportionate, but it relies on an undocumented `gh-manager` CLI rather than official GitHub CLI commands. Because the tool provenance and credential handling are not established, the main risk is third-party CLI trust and possible credential forwarding, not confirmed malware.

Confidence: 82%Severity: 72%
Audit Metadata
Analyzed At
Mar 18, 2026, 01:37 PM
Package URL
pkg:socket/skills-sh/l3digital-net%2Fclaude-code-plugins%2Fdependency-audit%2F@94cfc5c229290290c76dca65e0d2f66aae7a8147