skills/mksglu/claude-context-mode/upgrade/Socket

upgrade

Fail

Audited by Socket on Mar 3, 2026

1 alert found:

Obfuscated File

Obfuscated FileSKILL.md

HIGH

Obfuscated FileHIGH

SKILL.md

The skill legitimately performs a local upgrade but requires executing a local Node CLI and re-printing its output, which together present moderate-to-high security risk. Primary concerns: arbitrary code execution at user privilege, supply-chain tampering during git/npm operations, and exposure or prompt-injection via unfiltered CLI output. Mitigations before running: require explicit user confirmation, run the upgrade in a sandboxed/least-privileged environment, pin/verify remote artifacts, and sanitize or redact CLI output before re-displaying. If those safeguards cannot be implemented, avoid executing this upgrade as-is.

Confidence: 98%

Audit Metadata

Analyzed At

Mar 3, 2026, 05:37 PM

Package URL

pkg:socket/skills-sh/mksglu%2Fclaude-context-mode%2Fupgrade%2F@e0166e158a9d023805d70e7ec22cea7c2196f71a