himalaya

Warn

Audited by Socket on Mar 14, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s stated purpose is coherent with an email CLI, but the install path is internally inconsistent with the documented OpenClaw CLI and the skill provides almost no detail on credentials or data flow. No direct credential harvesting or exfiltration is shown, so this is not malware, but the transitive install trust and CLI mismatch make it medium risk.

Confidence: 84%Severity: 58%
Audit Metadata
Analyzed At
Mar 14, 2026, 11:06 AM
Package URL
pkg:socket/skills-sh/alphaonedev%2Fopenclaw-graph%2Fhimalaya%2F@c15ef1c15713209c9105e9a77a1a19d86137ae55
Security Audit — socket — himalaya