Skip to content

fix: update vendored skills to latest versions#229

Merged
amondnet merged 1 commit into
mainfrom
chore/update-skills
Jun 23, 2026
Merged

fix: update vendored skills to latest versions#229
amondnet merged 1 commit into
mainfrom
chore/update-skills

Conversation

@pleaseai-release-bot

Copy link
Copy Markdown
Contributor

Automated refresh of vendored skills.sh skills to their latest upstream versions.

Updated lock directories:

  • plugins/chat-sdk
  • plugins/dev3000
  • plugins/eve
  • plugins/lavish
  • plugins/next
  • plugins/nostics
  • plugins/react
  • plugins/skill-optimizer
  • plugins/slack-agent
  • plugins/vercel-sandbox
  • plugins/vinext
  • plugins/web-design
  • plugins/workflow-sdk

Generated by .github/workflows/update-skills.ymlscripts/update-skills.ts.

@pleaseai-release-bot pleaseai-release-bot Bot added the dependencies Pull requests that update a dependency file label Jun 22, 2026
@vercel

vercel Bot commented Jun 22, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
claude-code-plugins Ready Ready Preview, Comment Jun 22, 2026 12:01pm

Request Review

@github-actions

Copy link
Copy Markdown

🔍 Tessl Skill Review

plugins/agent-browser/agent/skills/agent-browser/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/ai-sdk/agent/skills/ai-sdk/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/antfu/agent/skills/antfu/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/ast-grep/agent/skills/ast-grep/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/axi/agent/skills/axi/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/better-auth/agent/skills/better-auth-best-practices/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/better-auth/agent/skills/create-auth-skill/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/better-auth/agent/skills/email-and-password-best-practices/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/better-auth/agent/skills/organization-best-practices/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/better-auth/agent/skills/two-factor-authentication-best-practices/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/chat-sdk/.agents/skills/chat-sdk/SKILL.md

score

Review Details

Review Details

Dimension Score Detail
conciseness ██░ 2/3 The skill is mostly efficient but includes some unnecessary content. The long list of resource guides with full descriptions adds bulk, and the adapter catalog subpath section explains usage patterns that Claude could infer from types. The core concepts section is somewhat redundant given the quick start example. However, most sections earn their place.
actionability ███ 3/3 The skill provides fully executable code examples: scaffold commands with exact flags, a complete quick start TypeScript example, streaming integration code, and JSX card examples. The CLI flags are specific and copy-paste ready, and the webhook/route patterns point to concrete file paths.
workflow clarity ██░ 2/3 The scaffolding workflow is clear with explicit commands, and the quick start shows a logical progression. However, there are no validation checkpoints — no steps to verify the bot is running, no error handling guidance for webhook setup, and no feedback loops for common failure modes like missing env vars or adapter misconfiguration.
progressive disclosure ███ 3/3 The skill excels at progressive disclosure with a clear overview structure that points to specific node_modules doc paths for deeper topics. References are one level deep, well-organized by topic (events, streaming, cards, adapters, custom adapters), and clearly signaled with exact file paths. The guides and templates sections provide additional resources without cluttering the main content.

Overall: This is a well-structured skill that provides strong actionable guidance for building chat bots with Chat SDK. Its greatest strength is progressive disclosure — it serves as an effective index pointing to detailed docs while keeping the overview focused. The main weaknesses are the lack of validation/verification steps in workflows and some verbosity in the resources listing that could be trimmed.

Suggestions:

  • Add a verification step after scaffolding (e.g., 'Run pnpm dev and confirm the webhook endpoint responds at localhost:3000/api/webhooks/slack') and after the quick start to confirm the bot connects successfully.
  • Add a brief troubleshooting or common errors section covering missing env vars, signature verification failures, and adapter not found — these are the most likely failure points that would benefit from explicit guidance.

plugins/chat-sdk/agent/skills/chat-sdk/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/dev3000/.agents/skills/d3k/SKILL.md

score

Review Details

Review Details

Dimension Score Detail
conciseness █░░ 1/3 The skill is highly repetitive. The auth-sensitive browser rule, the 'Required Browser/Session Default' section, and parts of the Bootstrap Workflow all repeat the same guidance about not launching separate browsers and using d3k's browser-owning flow. The 'Why d3k-first' section explains motivation Claude doesn't need. Multiple sections restate the same commands and warnings, significantly inflating token count.
actionability ███ 3/3 The skill provides fully executable, copy-paste-ready commands throughout — installation, startup, browser interaction, debugging, and error recovery. Commands include specific flags and realistic examples with ports, URLs, and timeouts.
workflow clarity ███ 3/3 The bootstrap workflow is clearly numbered with explicit validation steps (checking d3k installation, verifying server with curl before opening browser). The non-auth fresh browser workflow includes cleanup of stale state, server verification, and sanity-check steps. Error recovery paths are specified (restart d3k cleanly, close stale daemons).
progressive disclosure ██░ 2/3 The content is a monolithic wall of text with no references to external files despite being over 150 lines. The non-auth fresh browser workflow, browser tool choice guide, and artifact paths could be split into separate reference files. However, sections are reasonably well-labeled with headers.

Overall: The skill provides excellent actionability with concrete, executable commands and clear multi-step workflows with validation checkpoints. However, it suffers significantly from redundancy — the same guidance about browser ownership and auth-sensitive flows is repeated across at least three sections, roughly doubling the token cost. The content would benefit from deduplication and splitting detailed workflows into referenced files.

Suggestions:

  • Consolidate the repeated browser-ownership/auth guidance into a single authoritative section and reference it from other sections instead of restating it (the 'Auth-Sensitive Browser Rule', 'Required Browser/Session Default', and parts of 'Bootstrap Workflow' all say the same thing).
  • Remove the 'Why d3k-first' section — Claude doesn't need motivation for following instructions; the behavioral rules alone are sufficient.
  • Extract the 'Non-Auth Fresh Browser/Profile Startup' and 'Browser Tool Choice' sections into separate referenced files (e.g., FRESH_PROFILE.md, BROWSER_TOOLS.md) to reduce the main skill's token footprint and improve progressive disclosure.
  • Remove redundant command blocks that appear in multiple sections (e.g., the agent-browser snapshot/click/errors sequence appears at least three times).

plugins/dev3000/agent/skills/d3k/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/docus/agent/skills/create-docs/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/docus/agent/skills/review-docs/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/apple/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/aws/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/emulate/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/github/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/google/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/linear/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/microsoft/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/next/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/resend/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/slack/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/stripe/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/emulate/agent/skills/vercel/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


plugins/eve/agent/skills/eve/SKILL.md

⚠️ Error: - Reviewing skill...
✘ Skill validation failed


To improve your score, point your agent at the Tessl optimization guide. Need help? Jump on our Discord.

Feedback

Report issues with this review at tesslio/skill-review, or send private feedback from your terminal with tessl feedback.

@socket-security

Copy link
Copy Markdown

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @auth/core is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/frameworks/next/package.jsonnpm/@auth/core@0.41.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@auth/core@0.41.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @icons-pack/react-simple-icons is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/docs/package.jsonnpm/@icons-pack/react-simple-icons@13.13.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@icons-pack/react-simple-icons@13.13.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @icons-pack/react-simple-icons is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/docs/package.jsonnpm/@icons-pack/react-simple-icons@13.13.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@icons-pack/react-simple-icons@13.13.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @icons-pack/react-simple-icons is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/docs/package.jsonnpm/@icons-pack/react-simple-icons@13.13.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@icons-pack/react-simple-icons@13.13.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @icons-pack/react-simple-icons is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/docs/package.jsonnpm/@icons-pack/react-simple-icons@13.13.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@icons-pack/react-simple-icons@13.13.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @icons-pack/react-simple-icons is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/docs/package.jsonnpm/@icons-pack/react-simple-icons@13.13.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@icons-pack/react-simple-icons@13.13.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @icons-pack/react-simple-icons is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/docs/package.jsonnpm/@icons-pack/react-simple-icons@13.13.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@icons-pack/react-simple-icons@13.13.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @icons-pack/react-simple-icons is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/docs/package.jsonnpm/@icons-pack/react-simple-icons@13.13.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@icons-pack/react-simple-icons@13.13.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @icons-pack/react-simple-icons is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/docs/package.jsonnpm/@icons-pack/react-simple-icons@13.13.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@icons-pack/react-simple-icons@13.13.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @typescript-eslint/eslint-plugin is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/eslint-config-next@16.2.6npm/@typescript-eslint/eslint-plugin@8.59.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.59.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @vercel/fun is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/vercel@54.14.2npm/@vercel/fun@1.3.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@vercel/fun@1.3.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm caniuse-lite is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/@vercel/speed-insights@2.0.0npm/@vercel/analytics@2.0.1npm/jotai@2.20.0npm/eslint-config-next@16.2.6npm/next@16.2.6npm/nuxt@4.4.6npm/caniuse-lite@1.0.30001793

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001793. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm caniuse-lite is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/@vercel/speed-insights@2.0.0npm/@vercel/analytics@2.0.1npm/jotai@2.20.0npm/eslint-config-next@16.2.6npm/next@16.2.6npm/nuxt@4.4.6npm/caniuse-lite@1.0.30001793

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001793. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm caniuse-lite is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/@vercel/speed-insights@2.0.0npm/@vercel/analytics@2.0.1npm/jotai@2.20.0npm/eslint-config-next@16.2.6npm/next@16.2.6npm/nuxt@4.4.6npm/caniuse-lite@1.0.30001793

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001793. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm caniuse-lite is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/@vercel/speed-insights@2.0.0npm/@vercel/analytics@2.0.1npm/jotai@2.20.0npm/eslint-config-next@16.2.6npm/next@16.2.6npm/nuxt@4.4.6npm/caniuse-lite@1.0.30001793

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001793. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm cytoscape is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/mermaid@11.15.0npm/cytoscape@3.33.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cytoscape@3.33.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm damerau-levenshtein is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/eslint-config-next@16.2.6npm/damerau-levenshtein@1.0.8

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/damerau-levenshtein@1.0.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm env-runner is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/nitro@3.0.260610-betanpm/env-runner@0.1.12

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/env-runner@0.1.12. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm es-abstract is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/eslint-config-next@16.2.6npm/es-abstract@1.24.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.24.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm eslint-plugin-react is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/eslint-config-next@16.2.6npm/eslint-plugin-react@7.37.5

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-react@7.37.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm imsc is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/react-player@3.4.0npm/imsc@1.1.5

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/imsc@1.1.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm jotai is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/docs/package.jsonnpm/jotai@2.20.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jotai@2.20.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm json-schema is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/pnpm-lock.yamlnpm/ai@6.0.191npm/@ai-sdk/react@3.0.193npm/@ai-sdk/provider@4.0.0-beta.19npm/json-schema@0.4.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/json-schema@0.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm just-bash is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/packages/eve/package.jsonnpm/just-bash@3.0.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/just-bash@3.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm mermaid is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/docs/package.jsonnpm/mermaid@11.15.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/mermaid@11.15.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm mermaid is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/eve/agent/skills/eve/apps/docs/package.jsonnpm/mermaid@11.15.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/mermaid@11.15.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

See 7 more rows in the dashboard

View full report

@codacy-production

Copy link
Copy Markdown

Not up to standards ⛔

🔴 Issues 1 critical · 47 high · 32 medium · 20 minor

Alerts:
⚠ 100 issues (≤ 0 issues of at least minor severity)

Results:
100 new issues

Category Results
BestPractice 5 high
ErrorProne 23 high
Security 20 minor
19 high
1 critical
32 medium

View in Codacy

🟢 Metrics 41959 complexity · 5594 duplication

Metric Results
Complexity 41959
Duplication 5594

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@amondnet amondnet merged commit b434dcc into main Jun 23, 2026
11 of 13 checks passed
@amondnet amondnet deleted the chore/update-skills branch June 23, 2026 06:53
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant