skills/rajavijayach/electrobun-skills/electrobun-distribution/Socket

electrobun-distribution

Fail

Audited by Socket on Feb 22, 2026

1 alert found:

Malware

MalwareSKILL.md

HIGH

MalwareHIGH

SKILL.md

[Skill Scanner] URL pointing to executable file detected All findings: [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] This skill documentation is consistent with its stated purpose (packaging, signing, notarization, distribution, and auto-update). There is no direct malicious code present in the provided content. However multiple high-impact operational risks are present and should be mitigated: (1) macOS entitlements shown are permissive and weaken platform protections — avoid enabling 'allow-unsigned-executable-memory' and 'disable-library-validation' unless strictly necessary and understood; (2) auto-update design requires trusting the update server — ensure updates are cryptographically signed, served over HTTPS, and that signature verification occurs client-side before installation; (3) CI handling of private signing certificates is sensitive — use short-lived credentials, restricted runners, and strong secret management; (4) fix insecure examples (use https timestamping endpoint). Overall the content is BENIGN in intent but operationally sensitive; follow best practices for signing keys, update server security, and restrictive entitlements. LLM verification: This package/document is a legitimate and standard distribution and auto-update guide for Electrobun applications. It does not contain obvious malicious code, but it describes high-risk operational practices if implemented without strong controls: updater trust model relies on the update server and sample code lacks explicit client-side signature verification; CI handling of signing keys exposes high-value credentials; macOS entitlements relax important protections. Treat this as operational sup

Confidence: 95%Severity: 90%

Audit Metadata

Analyzed At

Feb 22, 2026, 07:53 AM

Package URL

pkg:socket/skills-sh/rajavijayach%2Felectrobun-skills%2Felectrobun-distribution%2F@1051751bc169b1b527efac8f877031b7848f824e