lfy-customer

Warn

Audited by Socket on Apr 10, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

SUSPICIOUS。技能宣称的只读客户查询用途与功能基本一致，也未见明显越权、隐蔽行为或第三方凭证中转；但其核心依赖 lfy-cli 为不可公开验证的外部二进制，安装来源、发布链、源码和凭证处理均缺乏可核验信息。基于不可验证 CLI 的强制风险下限，应判为高安全风险而非确认恶意。

Confidence: 86%Severity: 78%

Audit Metadata

Analyzed At

Apr 10, 2026, 07:06 AM

Package URL

pkg:socket/skills-sh/6fy%2Flfy-cli%2Flfy-customer%2F@a36f3684fda6fbb7f6b7f4e5ea82fc6cef25dbf7