sprite

Fail

Audited by Socket on Feb 21, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Instruction to copy/paste content into terminal detected

All findings:
[CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

The skill is functionally consistent with its stated purpose (operating an InnerClaude on Sprites.dev VMs) and contains no direct signs of deliberate malware or exfiltration to attacker-controlled domains. However it uses high-risk credential handling and automation patterns: it instructs extracting a long-lived OAuth token from a local keychain and interpolating it into remote tmux commands, and it writes interactive output to an unprotected /tmp file. Those practices materially increase the chance of accidental credential leakage or misuse. Recommend treating this as SUSPICIOUS: acceptable for controlled, trusted test environments with strong operational controls (ephemeral VMs, short-lived tokens, restricted /tmp permissions, token rotation), but avoid using the exact inline-token and plaintext-/tmp-capture patterns in shared or production VMs.

LLM verification: This skill is functionally coherent with its stated purpose (automating control of an InnerClaude in a tmux session on a Sprites.dev VM).
It is NOT actively malicious in the code/text provided, but it encourages high-risk operational patterns: forwarding a long-lived OAuth token from a local machine into a remote VM, writing interactive outputs to unprotected /tmp files, and automating approval dialogs. These patterns create substantial credential exposure and privilege escalation risk if the re

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 21, 2026, 03:27 PM
Package URL: pkg:socket/skills-sh/spm1001%2Fclaude-suite%2Fsprite%2F@b1ae0d944bd0445e4b3442a68865742c1621522a