Skills
skills/nevaberry/nevaberry-plugins/knowledge-patch-setup/Socket

knowledge-patch-setup

Warn

Audited by Socket on Apr 28, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s stated purpose matches its behavior, and there is no clear credential theft or unrelated access. However, it performs transitive skill installation from remote repository content, allows source override via KP_PUBLIC_REPO/--public-repo, and relies on an unseen helper script for the actual fetch/install logic, so the trust boundary is broader than a simple local setup helper.

Confidence: 86%Severity: 61%
Audit Metadata
Analyzed At
Apr 28, 2026, 02:04 PM
Package URL
pkg:socket/skills-sh/nevaberry%2Fnevaberry-plugins%2Fknowledge-patch-setup%2F@4f34544f7d862dc907e0f84a97ee677b32d56600