open-design

Warn

Audited by Socket on Jun 17, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core Open Design workflow is broadly consistent with a local design-generation skill and uses a plausible same-org GitHub source, but the included transitive installation of a separate third-party skill repo is a significant trust-boundary expansion unrelated to the main install path. Risk is moderate rather than malicious because the primary behavior is coherent and there is no direct credential harvesting or exfiltration shown.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 17, 2026, 07:08 AM
Package URL
pkg:socket/skills-sh/akillness%2Fjeo-skills%2Fopen-design%2F@55650f81ad24fa11c83dc20ede1965418320dd47ac080057ef95d561a101b687
Security Audit — socket — open-design