skills/confa-tech/agent-skills/travel-companion/Socket

travel-companion

Warn

Audited by Socket on Mar 19, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

SUSPICIOUS. The skill’s purpose and data flow are mostly coherent for travel planning, but it relies on executing a remotely fetched npm CLI with unpinned @latest guidance and weak publicly verifiable package provenance. The main concern is install/execution trust rather than clear malicious behavior or disproportionate data access.

Confidence: 79%Severity: 58%

Audit Metadata

Analyzed At

Mar 19, 2026, 05:37 AM

Package URL

pkg:socket/skills-sh/confa-tech%2Fagent-skills%2Ftravel-companion%2F@d3d91b815d04374d0a81ca7204d88de46f554246