social-push-skill

Warn

Audited by Socket on Mar 19, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该 skill 的目的与能力基本一致：自动化发布社交媒体内容。但它赋予代理直接公开发帖的能力，并结合 bash 脚本、动态网页读取和自我修复流程，整体属于高风险自动化而非明显恶意。供应链证据对 agent-browser 较正面，但未展示的本地脚本和缺少逐次确认使其应判为 SUSPICIOUS。

Confidence: 87%Severity: 72%

Audit Metadata

Analyzed At

Mar 19, 2026, 04:23 PM

Package URL

pkg:socket/skills-sh/aluan%2Fsocial-push%2Fsocial-push-skill%2F@0878d9fef0dd2008817c54f9fab428aeaff38e1a