Skills
skills/tracekit-dev/tracekit-for-ai/tracekit-go-sdk/Socket

tracekit-go-sdk

Warn

Audited by Socket on Apr 15, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: mostly coherent observability guidance with same-org Go SDK install and vendor-domain telemetry, but the skill expands scope via an unverified local auth script, mandatory transitive use of another skill, and default code-monitoring/optional LLM content capture that can export sensitive data. Not confirmed malicious, but risk is above benign due to credential/bootstrap ambiguity and data sensitivity.

Confidence: 84%Severity: 57%
Audit Metadata
Analyzed At
Apr 15, 2026, 12:39 PM
Package URL
pkg:socket/skills-sh/tracekit-dev%2Ftracekit-for-ai%2Ftracekit-go-sdk%2F@c2457806e03a3b4cdb3a407bb855c66385c742d5