og-image-design

Fail

Audited by Socket on Feb 25, 2026

1 alert found:

Malware (HIGH)
SKILL.md

The material is legitimate documentation for generating OG/social images using a cloud-backed CLI and apps. No direct indicators of malicious code are present in the provided file, but there are notable supply-chain and privacy risks: the curl|sh install pattern without demonstrated verification, execution of remote binaries, and transmission of arbitrary user content to third-party backends (risking accidental exfiltration of secrets). Recommend updating installation guidance to show checksum/signature verification, documenting data handling/retention and privacy for the remote services, and adding explicit warnings not to include sensitive data in payloads. With these mitigations the risk profile is moderate rather than high.

Confidence: 98%
Severity: 90%

Audit Metadata
Analyzed At: Feb 25, 2026, 05:38 PM
Package URL: pkg:socket/skills-sh/inference-sh-9%2Fskills%2Fog-image-design%2F@909eb763f221640bfae831b86d16b9f0c46d0687