Skills
skills/opensearch-project/opensearch-agent-skills/trace-analytics/Socket

trace-analytics

Warn

Audited by Socket on May 8, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill’s purpose broadly matches trace analytics, but it expands trust to remotely fetched MCP packages, forwards OpenSearch/AWS credentials into those tools, and documents disabling TLS verification. The overall footprint is plausible for the task but carries meaningful supply-chain and credential-handling risk rather than clear malicious intent.

Confidence: 83%Severity: 64%
Audit Metadata
Analyzed At
May 8, 2026, 07:45 AM
Package URL
pkg:socket/skills-sh/opensearch-project%2Fopensearch-agent-skills%2Ftrace-analytics%2F@31e14bd9f16e2204a591082973393fe470a0a6a9