lfy-report

Warn

Audited by Socket on Apr 16, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能的声明用途与实际命令基本一致，未见明显恶意指令、越权写操作或第三方窃取端点；但它完全依赖一个公开来源不可验证的 `lfy-cli` 黑盒二进制完成登录和报表访问。依据未验证 CLI 的强制规则，应判为可疑且高风险供应链依赖，而非确认恶意。

Confidence: 84%Severity: 82%

Audit Metadata

Analyzed At

Apr 16, 2026, 01:52 AM

Package URL

pkg:socket/skills-sh/6fy%2Flfy-cli%2Flfy-report%2F@7cbfc182ce21f1348c42e5efc6786c7498eec876