md-to-visual

Warn

Audited by Socket on Mar 13, 2026

1 alert found:

Security: MEDIUM
SKILL.md

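The skill's functional scope is largely consistent with its stated purpose of converting Markdown to visual cards, and no obvious credential theft, unauthorized file reads, or malicious exfiltration paths were found. However, it relies on the pencil MCP/local application as its core execution component, and that component's source code is not public and cannot be independently verified, which introduces significant supply-chain and execution-trust risk. Overall it should be classified as SUSPICIOUS rather than MALICIOUS.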

Confidence: 86%
Severity: 78%

Audit Metadata
Analyzed At: Mar 13, 2026, 04:34 AM
Package URL: pkg:socket/skills-sh/ANIAN0%2Fpick-skills%2Fmd-to-visual%2F@89c73c536b9db3824ea13df79bdfc72283e38d2e