coinone-openapi

Warn

Audited by Socket on Apr 15, 2026

1 alert found:

Anomaly (LOW)
.github/workflows/check-api-updates.yml

No clear evidence of intentional malware or overt data theft is visible in this workflow fragment. The primary risk is elevated supply-chain/automation abuse potential: untrusted external RSS content steers a beta LLM agent that has agent-mode tooling capable of editing and writing repository changes, enabled by workflow-level write permissions. This warrants security review and hardening (pin actions, restrict permissions and agent tools, and validate/mitigate prompt-injection from RSS-derived text).

Confidence: 62%
Severity: 63%

Audit Metadata
Analyzed At: Apr 15, 2026, 06:16 AM
Package URL: pkg:socket/skills-sh/2sem%2Fcoinone-api-skills%2Fcoinone-openapi%2F@655e079a56c4107a7bb5d3eeb4356756df6afd24