Skills
skills/desperado/mcp-avatar-builder/avatar-builder/Socket

avatar-builder

Fail

Audited by Socket on Mar 10, 2026

1 alert found:

Obfuscated File
Obfuscated FileHIGH
SKILL.md

Benign. The skill coherently implements offline, deterministic avatar generation with SVG/PNG output and decouples from external credentials or APIs. The primary risk is typical supply-chain risk associated with fetching tools via npm (npx) from registries, but this is standard for development tooling and does not indicate malicious behavior within the described scope.

Confidence: 98%
Audit Metadata
Analyzed At
Mar 10, 2026, 02:20 AM
Package URL
pkg:socket/skills-sh/desperado%2Fmcp-avatar-builder%2Favatar-builder%2F@ed16c95a2127e5d462337095591487033bbbfa7f