skills/cafe3310/public-agent-skills/plugin-search-and-use/Socket

plugin-search-and-use

Warn

Audited by Socket on Mar 27, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

SUSPICIOUS: 该技能表面上是本地插件检索器，但其真实作用是把外部插件文档和 SKILL 指令注入代理并可能继续执行命令或调用连接器。没有远程安装或明显窃密流量，因此不像确认恶意；但转移信任链、手动模拟 hooks/commands、以及未获官方充分验证的 Claude->Gemini 适配，使其风险高于普通文档型技能。

Confidence: 87%Severity: 68%

Audit Metadata

Analyzed At

Mar 27, 2026, 08:58 AM

Package URL

pkg:socket/skills-sh/cafe3310%2Fpublic-agent-skills%2Fplugin-search-and-use%2F@36255005e9ee1054275590f5697b6786a7afada0