Skills
skills/allium-labs/skills/allium-x402/Socket

allium-x402

Warn

Audited by Socket on Mar 13, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill’s purpose mostly matches its blockchain-data functionality, and the domains appear same-org, but it expands trust by raw-downloading skill files, dynamically fetching more instructions, reading local credentials, and enabling automatic wallet-signed micropayments. This is not confirmed malware, but it has meaningful supply-chain, credential-handling, and autonomous-action risk.

Confidence: 84%Severity: 68%
Audit Metadata
Analyzed At
Mar 13, 2026, 08:42 AM
Package URL
pkg:socket/skills-sh/allium-labs%2Fskills%2Fallium-x402%2F@63dfd5e662e0c49c4b32afa1b4558e012da0b53b