Skills
skills/0xshe/php-code-audit-skill/php-archive-extract-audit/Socket

php-archive-extract-audit

Warn

Audited by Socket on Mar 25, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

该技能与其声明目的基本一致:它是一个 PHP 归档解压路径穿越审计指南,而不是安装器或凭据收集器。未见外部数据外传、凭据转发、可疑下载执行或隐藏行为,因此不像恶意技能;但它明确赋予 AI 代理漏洞挖掘与 PoC 生成能力,属于高风险安全审计/利用类技能。综合判定为 SUSPICIOUS:风险主要来自攻防能力本身,而非供应链或数据流恶意迹象。

Confidence: 90%Severity: 76%
Audit Metadata
Analyzed At
Mar 25, 2026, 02:35 AM
Package URL
pkg:socket/skills-sh/0xShe%2FPHP-Code-Audit-Skill%2Fphp-archive-extract-audit%2F@35509cdde6222a0efa525201cb6f20ef93807bb6
Security Audit — socket — php-archive-extract-audit