add-bot

Fail

Audited by Socket on Mar 8, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The skill's described purpose—adding a bot collaborator with push permissions via GitHub CLI with owner switch and verification—is coherent with its implemented flow. It relies on legitimate tooling (gh CLI) and standard GitHub API endpoints. Risks mainly concern credential handling (switching accounts, token storage), potential race conditions, and reliance on unvalidated configuration data from CLAUDE.md. Overall, the footprint is proportionate to the task, with moderate security considerations around credentials and concurrency. No evidence suggests illicit data exfiltration or malicious behavior beyond typical automation risks.

Confidence: 98%

Audit Metadata

Analyzed At: Mar 8, 2026, 07:16 AM
Package URL: pkg:socket/skills-sh/seabbs%2Fskills%2Fadd-bot%2F@e47f47e329dcb29534925b734dfdd5c759232776