compresso

Warn

Audited by Socket on Jun 27, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core CompressO app purpose, local media-processing capabilities, and official repo/release install paths are broadly coherent and look benign. The main concern is the separate `npx skills add` instruction pointing to an unrelated third-party skills repository, which introduces transitive trust inconsistent with the stated upstream publisher; this elevates overall risk despite otherwise local-only behavior.

Confidence: 89%Severity: 56%
Audit Metadata
Analyzed At
Jun 27, 2026, 04:59 AM
Package URL
pkg:socket/skills-sh/akillness%2Fjeo-skills%2Fcompresso%2F@9658df33a4f7c466eab3e6a64dc243ba137cffba0e6536789209431a4beb82d3
Security Audit — socket — compresso