skills/mrsekut/agent-skills/vscode-openvsx-extension-publish/Socket

vscode-openvsx-extension-publish

Fail

Audited by Socket on Mar 9, 2026

1 alert found:

Obfuscated File

Obfuscated FileSKILL.md

HIGH

Obfuscated FileHIGH

SKILL.md

The skill's footprint is coherent with its stated purpose: it describes acceptable, standard tooling and workflows for publishing VSCode extensions to official marketplaces, plus CI/CD automation with GitHub Actions. While credentials (PATs and tokens) are involved, their handling via secrets is appropriate for legitimate publishing tasks. No evidence of credential exfiltration, unverifiable binaries, or malicious activity. The main caution is ensuring secure handling of tokens in CI logs and avoiding any hard-coded credentials in scripts.

Confidence: 98%

Audit Metadata

Analyzed At

Mar 9, 2026, 01:48 AM

Package URL

pkg:socket/skills-sh/mrsekut%2Fagent-skills%2Fvscode-openvsx-extension-publish%2F@80e72a5a3d98ef86782d15a06beb3f9bb83f2594