skill-store

Warn

Audited by Socket on Apr 7, 2026

1 alert found:

Security: MEDIUM
SKILL.md

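The skill's functionality is broadly consistent with its positioning as a "Skill package manager", but its actual risk is high: it allows discovering and installing Skills from arbitrary Git repositories, and it also installs dependencies recursively and syncs automatically at session start. The main problem is not a mismatch of purpose but the excessive supply-chain and transitive trust it relies on, together with the lack of source verification and version pinning. It should be classified as SUSPICIOUS.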

Confidence: 90%
Severity: 84%

Audit Metadata
Analyzed At: Apr 7, 2026, 07:36 PM
Package URL: pkg:socket/skills-sh/shetengteng%2Fskillix-hub%2Fskill-store%2F@1f0ca72aa32b8d64523427a50ea2c66ffa8915a6