readme-craft

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (severity: HIGH)
SKILL.md

[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] command_injection: Reference to external script with install/setup context (SC005)
[HIGH] command_injection: Reference to external script with install/setup context (SC005)
[HIGH] command_injection: Reference to external script with install/setup context (SC005)

BENIGN overall — this is a README template/skill giving documentation patterns. No malicious code or hidden data exfiltration is present. The only security consideration is the inclusion of 'curl ... | bash' style examples; while common in docs, that pattern is risky if executed against untrusted URLs. Recommend adding warnings and safer installation alternatives (checksums, GPG signatures, or staged install steps) to reduce accidental remote-code-execution risk.

LLM verification: This is a README/template document that contains no embedded malicious code, but it repeatedly encourages insecure install patterns (notably 'curl | bash' and unverified git installs) without recommending verification or safer alternatives. The primary risk is social-engineering-style: the guidance normalizes copy-paste execution of remote scripts, which substantially increases supply-chain and local-execution risk if real URLs are used. Recommend updating templates to: (1) avoid promoting pipe-

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 16, 2026, 09:09 PM
Package URL
pkg:socket/skills-sh/majesticlabs-dev%2Fmajestic-marketplace%2Freadme-craft%2F@aeb72a89c0d31a1ceeb4ca6e753428b4e8df2ae2