skills/vigolium/skills/vigolium-scanner/Socket

vigolium-scanner

Warn

Audited by Socket on Mar 30, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

SUSPICIOUS. The skill is internally consistent as a security-testing tool, but it gives an AI agent offensive scanning, autonomous operation, arbitrary JS/extension execution, broad source/traffic ingestion, and credential-bearing authenticated workflows. There is no clear credential-harvesting or hidden exfiltration endpoint in the text, so this is not confirmed malware, but it is a high-risk skill by design.

Confidence: 87%Severity: 86%

Audit Metadata

Analyzed At

Mar 30, 2026, 04:01 PM

Package URL

pkg:socket/skills-sh/vigolium%2Fskills%2Fvigolium-scanner%2F@0bf051a4354691d20c053cf46852adc13f228195