skills/xu-xiang/everything-claude-code-zh/configure-ecc/Socket

configure-ecc

Warn

Audited by Socket on Mar 13, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能目的与其主要能力基本一致：安装、验证并优化 ECC 技能/规则。但其通过未固定版本的个人 GitHub 仓库拉取内容，并将其他技能直接安装到 Claude 配置目录，形成明显的供应链与转移信任风险。整体更适合判定为 SUSPICIOUS 而非 MALICIOUS：未见直接窃密或异常外传，但安装来源与信任链风险偏高。

Confidence: 88%Severity: 76%

Audit Metadata

Analyzed At

Mar 13, 2026, 12:40 AM

Package URL

pkg:socket/skills-sh/xu-xiang%2Feverything-claude-code-zh%2Fconfigure-ecc%2F@6901690697de9b97d62a365e91c340bd617ca0d2