open-design

Warn

Audited by Socket on May 4, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core purpose and local artifact-generation capabilities are mostly coherent, and no credential harvesting or explicit exfiltration is shown. The main concern is the transitive installation path to an unrelated third-party skills repo plus support for loading additional file-based skills, which expands trust beyond the stated publisher and is disproportionate to a simple design workflow helper.

Confidence: 83%Severity: 68%
Audit Metadata
Analyzed At
May 4, 2026, 01:18 PM
Package URL
pkg:socket/skills-sh/akillness%2Foh-my-skills%2Fopen-design%2F@9792bd665a21ce7b6d32333b7f2396446221aecd
Security Audit — socket — open-design