fabric

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

No direct malicious code or obfuscation is present in the provided skill instruction file. The instructions and capabilities align with the stated purpose (selecting and using Fabric patterns). The primary security concern is supply-chain risk: the skill instructs cloning and using an upstream GitHub repository without pinned commits or integrity checks, meaning a compromise of that repo or its dependencies could result in execution of malicious patterns or code. Recommend adding verification steps (pin commit SHA, verify signatures or checksums) and restricting execution of untrusted patterns or inspecting pattern contents before execution.

LLM verification: Not overtly malicious based on provided content, but suspicious from a supply-chain and privilege perspective. The skill clones and executes unpinned external code (git clone + go install @latest), references local credential/config paths, and includes documentation showing rm -rf/backtick shell usage. These behaviors are coherent with the purpose but grant broad filesystem and network capabilities that are disproportionate for simple pattern selection and processing. Recommend treating as SUSPI

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 16, 2026, 11:01 AM
Package URL: pkg:socket/skills-sh/microck%2Fordinary-claude-skills%2Ffabric%2F@1585c3f413d22ea4598d9d8e5a88525f9c109493