Skills
skills/6fy/lfy-cli/lfy-base/Socket

lfy-base

Warn

Audited by Socket on May 19, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS。技能用途本身较窄且与命令表面一致,但其核心依赖 lfy-cli 为不可验证外部二进制,并且该 CLI 会接收自动注入的凭证。未见明确恶意或直接窃取证据,因此不判定为恶意;但依据不可验证 CLI 和凭证转交规则,应视为高风险供应链/凭证处理技能。

Confidence: 88%Severity: 84%
Audit Metadata
Analyzed At
May 19, 2026, 07:00 AM
Package URL
pkg:socket/skills-sh/6fy%2Flfy-cli%2Flfy-base%2F@4bc0cfb1f846b5f9f4b241548ec6c14c63af48c4
Security Audit — socket — lfy-base