find-skills

Warn

Audited by Socket on Apr 7, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

SUSPICIOUS：目的与能力基本一致，且 `skills` CLI 来源可验证为官方同生态工具；但该 skill 的核心行为是引导安装第三方 skills，构成明显的传递信任与供应链扩展风险。它本身不像恶意窃密，但会把代理权限暴露给后续未独立审查的第三方 skill，因此应按中高风险处理。

Confidence: 90%Severity: 74%

Audit Metadata

Analyzed At

Apr 7, 2026, 11:35 AM

Package URL

pkg:socket/skills-sh/caomeiyouren%2Fmomei%2Ffind-skills%2F@6938cb8b41f5b9a643b79cdf2269a653fd283c21