oneskill

Warn

Audited by Socket on Mar 13, 2026

1 alert found:

Security: MEDIUM
SKILL.md

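The skill's declared purpose is largely consistent with its actual capabilities, but its core behavior is to install and pull in other skills via npx, which carries a clear supply-chain and transitive-trust risk. Because it supports installing third-party skills from GitHub, local paths, or private repositories, and newly installed skills can gain influence over agent execution, it should overall be classified as SUSPICIOUS rather than malicious.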

Confidence: 87%
Severity: 78%
Audit Metadata
Analyzed At: Mar 13, 2026, 12:44 AM
Package URL: pkg:socket/skills-sh/xu-xiang%2Feverything-claude-code-zh%2Foneskill%2F@605b54c0087de7dfc380d96ec1a7f48fff53faeb