skills/kehwar/frappe_tweaks/skill-importer/Socket

skill-importer

Fail

Audited by Socket on Feb 18, 2026

1 alert found:

Malware

MalwareSKILL.md

HIGH

MalwareHIGH

SKILL.md

[Skill Scanner] Instruction to copy/paste content into terminal detected All findings: [CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] This skill importer is functionally consistent with its stated purpose (cloning GitHub skill directories and copying them into .github/skills/). The operations described are powerful but expected for such a tool. However, the design lacks strong integrity and safety controls: it copies arbitrary remote code into the repository without pinned SHAs, signature checks, or mandatory review, and it uses destructive rm -rf replacements. That combination makes it a supply-chain risk: a malicious or compromised upstream skill can be imported and then executed by CI or developers. I classify this as SUSPICIOUS (not directly malicious in the provided files) and recommend adding safeguards (pin to commit SHAs, require code review, verify signatures, perform static scanning, avoid unconditional rm -rf, default to dry-run and diff, and restrict allowed owners) before using automatically in production. LLM verification: No evidence of embedded malware or obfuscated malicious behavior in the provided documentation/content. The tool behaves as a legitimate importer: it reads a YAML list of GitHub tree URLs, clones repositories, copies skill directories, and cleans up. The primary security concerns are operational and supply-chain: the workflow encourages pulling arbitrary upstream code into the repository without enforced verification and uses destructive rm -rf operations that can cause data loss. Treat this too

Confidence: 95%Severity: 90%

Audit Metadata

Analyzed At

Feb 18, 2026, 12:08 AM

Package URL

pkg:socket/skills-sh/kehwar%2Ffrappe_tweaks%2Fskill-importer%2F@2d1e7c5e83a6a1fa01f5ed97be2259a95192f501