heretic

Warn

Audited by Socket on Jul 1, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/install.sh

No strong evidence of intentional malware or hidden payloads in this installer script. The primary security concerns are (1) the use of `eval "$*"` in the command execution helper, which can amplify impact if environment variables are manipulated, and (2) supply-chain redirection/fetch risk via configurable UPSTREAM_URL/REF (UV=1) and unpinned/unverified installation behavior in the non-UV path (pip install -U). This warrants careful use in controlled environments and should ideally replace eval and add integrity/pinning/verification controls.

Confidence: 72%Severity: 52%
Audit Metadata
Analyzed At
Jul 1, 2026, 02:30 AM
Package URL
pkg:socket/skills-sh/akillness%2Fjeo-skills%2Fheretic%2F@b855f830df56e8138fb271ed38e39fbc58b59df80fca4eeac7910d113f27bec2
Security Audit — socket — heretic