huashu-xhs-image

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能目标与大部分能力基本匹配：生成、预览、上传小红书配图。但关键实现依赖两个未验证的本地脚本，其中一个还接收从 `.env` 读取的 Gemini API key，这使其从普通设计工作流升级为高风险技能。整体更像高风险但未证实恶意；判定为 SUSPICIOUS。

Confidence: 89%Severity: 84%

Audit Metadata

Analyzed At

Mar 18, 2026, 08:15 PM

Package URL

pkg:socket/skills-sh/alchaincyf%2Fhuashu-skills%2Fhuashu-xhs-image%2F@f5ada347c4692d5fbbd41e89652d2c64ff1516be