Question 1

Is dowands/affiliatematic safe to install?

Accepted Answer

Oathe's behavioral security audit gives dowands/affiliatematic a trust score of 89/100 with a verdict of SAFE. 6 findings were detected. Affiliatematic is a documentation-only affiliate marketing integration skill containing no executable code, no prompt injection, and no malicious installation behavior — the git clone was clean, canary files were untouched, and all network activity during installation was limited to expected GitHub and Ubuntu servers. The meaningful risks are downstream rather than direct: the skill guides users to embed unpinned third-party JavaScript from affiliatematic.com on their websites (creating a persistent supply chain attack surface), and it promotes an unverified service whose business model creates opportunity for affiliate commission theft via tag substitution.

Question 2

What security issues were found in dowands/affiliatematic?

Accepted Answer

6 findings were detected: MEDIUM — Unpinned Third-Party JavaScript Injection Recommended; MEDIUM — Unverified Affiliate Service with Commission Theft Potential; LOW — Widget JavaScript Has Full Visitor Data Access on Host Pages; LOW — Agent May Be Directed to Fetch Third-Party URLs; INFO — Clean Installation with No Unexpected Behavior; INFO — Canary File Accesses Attributable to Audit Framework.

Question 3

Should I install dowands/affiliatematic?

Accepted Answer

Based on Oathe's audit, the recommendation is: INSTALL_WITH_CAUTION. Trust score: 89/100.

Is `dowands/affiliatematic` safe?

Category Scores

Findings (6)

Is dowands/affiliatematic safe?

Category Scores

Findings (6)

Is `dowands/affiliatematic` safe?