skills/xu-cell/ai-engineering-init/codex-code-review/Socket

codex-code-review

Warn

Audited by Socket on Mar 13, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

整体目的与主要能力基本一致，Phase 1-2 本地审查属合理开发流程；但可选 Phase 3 通过第三方 skill 的 bridge 脚本把审查任务转交给外部 Codex，带来明显的供应链与代码外发风险。结论为 SUSPICIOUS：不是明确恶意，但跨技能依赖、外部数据流和额外路径访问使其风险高于普通本地代码审查 skill。

Confidence: 86%Severity: 66%

Audit Metadata

Analyzed At

Mar 13, 2026, 07:08 PM

Package URL

pkg:socket/skills-sh/xu-cell%2Fai-engineering-init%2Fcodex-code-review%2F@3e0a17876273c3b6aa5a6ad8713fa7c1d8c6dcaa