drawio

Warn

Audited by Socket on Jun 17, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the core diagramming purpose is coherent and the draw.io CLI source appears official, but the wrapper materially expands trust by instructing transitive installation of external skill bundles and a referenced local installer script. There is no clear credential theft or exfiltration, so this is not malicious, but the install/execution footprint is broader than a simple diagram helper.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 17, 2026, 07:07 AM
Package URL
pkg:socket/skills-sh/akillness%2Fjeo-skills%2Fdrawio%2F@16213093525ad3c7e467da56f0cdd0a9ea0f4120407ebf9e0bd9f291a510836e
Security Audit — socket — drawio