plannotator

Warn

Audited by Socket on Jun 17, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/install.sh

The script is a typical installer wrapper with optional integration setup. The major security concern is the remote installer execution via curl | bash, which can run unverified code from an external source. This is a high-risk pattern (source-to-sink path) and should be mitigated by using verified installers, checksums/signatures, or downloading to a file and running with explicit verification. Otherwise, the script itself contains no overt malicious behavior, but relies on external remote code that could compromise the system if the remote source is compromised.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 17, 2026, 07:07 AM
Package URL
pkg:socket/skills-sh/akillness%2Fjeo-skills%2Fplannotator%2F@b07ee9e5f6c0d4d1e958a0ddd105ed5b56553a1df2dc17ca05ec00783ea74f4b
Security Audit — socket — plannotator