skills/6fy/lfy-cli/lfy-user/Socket

lfy-user

Warn

Audited by Socket on May 19, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能的用途与行为基本一致，属于只读用户/销售信息查询；主要问题是核心依赖 `lfy-cli` 为不可从技能文本中验证来源的外部二进制。未见恶意外传、隐藏执行或不相称的权限请求，因此更接近可疑/高风险供应链依赖，而非确认恶意。

Confidence: 82%Severity: 72%

Audit Metadata

Analyzed At

May 19, 2026, 07:00 AM

Package URL

pkg:socket/skills-sh/6fy%2Flfy-cli%2Flfy-user%2F@20bfcb66e52ea7071c37fc9f24f9ea36fdd64965

Security Audit — socket — lfy-user