alibabacloud-emr-starrocks-assistant

Warn

Audited by Socket on May 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is largely coherent with its stated StarRocks ops purpose and uses direct FE connections rather than off-platform proxies, but it relies on bundled/private CLI tooling that is not publicly verifiable and stores credentials locally. The biggest security concern is credential/query handling through unverifiable local tooling plus explicit no-TLS connections; this raises security risk even though the behavior is not clearly malicious.

Confidence: 83%Severity: 58%
Audit Metadata
Analyzed At
May 29, 2026, 03:07 AM
Package URL
pkg:socket/skills-sh/aliyun%2Falibabacloud-aiops-skills%2Falibabacloud-emr-starrocks-assistant%2F@9c7a37cbc283edac0afa913d806c30265c76e244
Security Audit — socket — alibabacloud-emr-starrocks-assistant