setup

Warn

Audited by Socket on Feb 22, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Installation of third-party script detected

BENIGN: The skill fragment acts as a structured, user-guided setup assistant for Python-based plugin dependencies. It uses standard, widely trusted tooling (venv, pip, Playwright) and does not request credentials or exfiltrate data. No anomalous data flows or hidden actions identified. Security risk remains low to moderate due to external network activity for dependencies, but this is expected and appropriate for setup tasks.

LLM verification: This skill is consistent with its stated purpose (detect Python environment, create unified venv, install dependencies, verify via imports). There are no direct signs of malware or obfuscated/backdoor code in the skill descriptor itself. The primary security concern is standard supply-chain risk: it instructs users to run `pip install -r requirements.txt` and `playwright install chromium` without pinned versions or hash verification, which means a compromised requirements file or malicious packa

Confidence: 75%
Severity: 75%

Audit Metadata

Analyzed At: Feb 22, 2026, 07:01 AM
Package URL: pkg:socket/skills-sh/bitwize-music-studio%2Fclaude-ai-music-skills%2Fsetup%2F@606c83c6352a73386c3f9e66e6c190ba99186978