opnet-development
Audited by Socket on Feb 16, 2026
1 alert found:
Malware
[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

The artifact is a benign, governance-oriented development SKILL intended to steer integration of OPNet-based projects. It does not introduce executable code with insecure data flows or credential handling. It enforces a disciplined, TS-first workflow with extensive mandatory reading and verification steps. No evidence of malware, data exfiltration, or malicious behavior detected within the provided content.

LLM verification: The SKILL.md is an instructional/organizational document, not executable malware. I find no explicit malicious code or obfuscation in the provided fragment.
The primary security concern is an increased supply-chain attack surface: unpinned npm installs, repeated execution of build/lint/typecheck (which can trigger lifecycle scripts), references to `.config`/local config access, and recommendation to install a high-privilege Chrome extension without vetting guidance. Recommended mitigations: pin