skills/inference-sh-8/skills/competitor-teardown/Socket

competitor-teardown

Fail

Audited by Socket on Mar 27, 2026

1 alert found:

Malware

MalwareSKILL.md

HIGH

MalwareHIGH

SKILL.md

SUSPICIOUS. The skill's research and screenshot capabilities mostly fit its stated competitor-analysis purpose, but it expands trust with a remote CLI, remote app execution, transitive skill installs, and broad processing of untrusted web content under Bash access. The install path looks same-org and official, which lowers malware likelihood, but overall security risk remains medium due to supply-chain, indirect prompt-injection, and transitive-install concerns.

Confidence: 84%Severity: 58%

Audit Metadata

Analyzed At

Mar 27, 2026, 02:29 PM

Package URL

pkg:socket/skills-sh/inference-sh-8%2Fskills%2Fcompetitor-teardown%2F@697db1259ff2ff96f044cd9fa695a8ac81883192