process-compose-ops

Warn

Audited by Socket on Jun 16, 2026

1 alert found:

Anomaly
AnomalyLOW
references/boot-persistence-windows.md

This module primarily implements legitimate boot auto-start for a bundled local application using Task Scheduler plus a wrapper that sets PATH and optionally loads .env configuration. No explicit malware behaviors (network exfiltration, credential theft, reverse shells, or destructive actions) are present in the shown code. However, it does introduce meaningful security risk due to Windows boot persistence, hidden execution, and -ExecutionPolicy Bypass, combined with weakly validated .env-to-environment injection that can propagate secrets or attacker-controlled values into the launched executable. The main threat is supply-chain/tampering: if the package artifacts or .env/YAML are altered, persistence makes repeated execution likely.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 16, 2026, 11:55 AM
Package URL
pkg:socket/skills-sh/0xdarkmatter%2Fclaude-mods%2Fprocess-compose-ops%2F@35e9f7c6fd9a81b81b530be970ce1f62d69604f9f3a8481b7486483a873cad60
Security Audit — socket — process-compose-ops