llm-models
Fail
Audited by Socket on Feb 25, 2026
1 alert found:
Malware (HIGH): SKILL.md
The analyzed workflow fulfills its stated purpose of providing multi-model access via a single CLI, but it carries non-trivial supply-chain risk because of its download-and-execute installer pattern. Although checksum verification is claimed, the security posture hinges on robust handling of installer sources, pinned checksums, and secure credential storage during login. Recommended mitigations: migrate to a trusted, signed package repository or containerized installation, adopt explicit credential management practices, and use verifiable, pinned artifact sources. Overall, the approach is functionally coherent, but its security posture must be strengthened before production use.
Confidence: 95%
Severity: 90%