allow-permissions

Fail

Audited by Socket on Mar 6, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

Functionally, the skill matches its stated purpose and contains reasonable high-level safeguards (deny patterns, duplicate checks, user confirmation for sensitive commands). The main residual risks are automatic screenshot scanning, excessive wildcard generalization that grants broad Bash/Read permissions, and execution of validation commands without strict input sanitization. Recommendations: require explicit per-file consent for local screenshots; present OCR-extracted text and proposed normalized permissions for user approval; default to least privilege (no wildcarding unless approved); run validation commands safely, with parameterized arguments and no shell interpolation; back up settings.json before changes; and log and audit all modifications. Treat as medium security risk until these mitigations are enforced.

Confidence: 98%
Audit Metadata

Analyzed At: Mar 6, 2026, 06:41 AM
Package URL: pkg:socket/skills-sh/doyoonear%2Fskills-and-agents%2Fallow-permissions%2F@7900211217850cb27094fadbf69142ce0788b6ec