Skills
skills/jwcodewrote/agent_skills_plugin/design/Socket

design

Warn

Audited by Socket on Apr 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

该 skill 的菜单与设计用途基本一致,但其核心异常在于会自动安装第三方 skill 包并立即继续执行,形成明显的传递信任链。未见直接窃密或恶意载荷证据,因此更适合归类为 SUSPICIOUS:中等偏高供应链/执行风险,而非确认恶意。

Confidence: 86%Severity: 62%
Audit Metadata
Analyzed At
Apr 2, 2026, 10:21 AM
Package URL
pkg:socket/skills-sh/jwcodewrote%2Fagent_skills_plugin%2Fdesign%2F@0d162ff1aedcef06257280f2be89905873bc97bb