aeo

Warn

Audited by Socket on Mar 29, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill’s purpose and requested capabilities are mostly aligned, but it relies entirely on an unpinned third-party npm CLI invoked via npx @latest and forwards multiple API keys into that package. This looks more like a supply-chain and credential-handling risk than confirmed malicious behavior.

Confidence: 79%
Severity: 58%

Audit Metadata

Analyzed At: Mar 29, 2026, 05:17 PM
Package URL: pkg:socket/skills-sh/nikiandr%2Fgoose-skills%2Faeo%2F@c694a9fad3ad1594352ea0e6bbb7bd88125905cb