storyboard-generator

Warn

Audited by Socket on Mar 20, 2026

1 alert found:

Security: MEDIUM
SKILL.md

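The skill's core purpose is largely consistent with Gemini image generation, and its external API target is an official Google domain, so it does not look like a typical third-party man-in-the-middle credential-stealing skill. However, it exposes a real API key directly in the skill text and passes that credential to an unverified local script for execution, which creates a serious credential-leak risk and a black-box script risk. Overall it should be rated SUSPICIOUS rather than confirmed malicious.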

Confidence: 94%
Severity: 90%
Audit Metadata
Analyzed At: Mar 20, 2026, 12:30 PM
Package URL: pkg:socket/skills-sh/zephyrwang6%2Fmyskill%2Fstoryboard-generator%2F@ca3c57ae373b7ab2a274a0004d9d6ae9e360c161