automating-hammerspoon

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Anomaly (LOW)
references/hotkeys.md

The fragment is a user-facing Hammerspoon configuration describing system-wide key remapping and Ghostty integration. While no explicit malicious code is shown, the capabilities imply elevated privileges and broad control over input and app launching, which introduces non-trivial security risk if misused or exposed insecurely. A deeper code review of the actual Lua implementations (interception, translation, IPC exposure) and secure default configurations is required before use in a supply-chain context. Recommend restricting IPC exposure, validating inputs, and auditing all data flows to prevent potential data leakage or abuse.

Confidence: 75%
Severity: 60%

Audit Metadata

Analyzed At: Mar 18, 2026, 04:15 PM
Package URL: pkg:socket/skills-sh/greenheadhq%2Fnixos-config%2Fautomating-hammerspoon%2F@bcc4ad6988847df588c779800f8e5f7b7af4dad4