didit-id-document-verification
Audited by Socket on Mar 3, 2026
1 alert found:
Obfuscated File
This package fragment is legitimate API documentation for an identity-document verification service. It does not contain code that appears malicious (no hidden backdoors, reverse shells, or external unknown domains). The primary security concerns are expected privacy and operational risks: transmission and storage of highly sensitive PII and document images, potential exposure of long-lived API keys, and lack of explicit documentation about retention, deletion, and encryption controls. Integrators should treat DIDIT_API_KEY as a sensitive credential, minimize uploaded data, explicitly manage save_api_request settings, and confirm retention and deletion policies with Didit before sending production data. Overall: low likelihood of intentional malware, moderate security/privacy risk due to sensitive data flows and incomplete privacy controls in the docs.