Skills
skills/6fy/lfy-cli/lfy-schedule/Socket

lfy-schedule

Warn

Audited by Socket on May 19, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

该技能的功能范围与“日程任务查询”基本一致,未见明显恶意外传、修改操作或第三方代理流量,整体更像正常企业内部查询技能。但其核心依赖 `lfy-cli` 黑盒二进制,且技能未提供可验证的安装/发布来源;根据强制规则,这一不可验证 CLI 使整体安全风险维持高位。结论为 SUSPICIOUS:主要是供应链与可验证性问题,不是已确认恶意。

Confidence: 84%Severity: 72%
Audit Metadata
Analyzed At
May 19, 2026, 07:00 AM
Package URL
pkg:socket/skills-sh/6fy%2Flfy-cli%2Flfy-schedule%2F@083c0769f12083060608625acb3b9d15ed56cb6a
Security Audit — socket — lfy-schedule