job-search

Warn

Audited by Socket on Jul 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill's job-search purpose broadly matches its capabilities, and the credential location/install model appears consistent with official Gooseworks documentation. The main concern is data-flow integrity: all requests and the bearer token are routed through Gooseworks proxy endpoints instead of direct provider APIs, and the skill reads raw credentials from a local file. This looks more like a managed gateway pattern than confirmed malware, but it introduces meaningful credential-handling and privacy risk.

Confidence: 89%Severity: 66%
Audit Metadata
Analyzed At
Jul 2, 2026, 06:18 AM
Package URL
pkg:socket/skills-sh/athina-ai%2Fgoose-skills%2Fjob-search%2F@77f366ef2a5f332e6f6c67ecf4adfb04410303382dd6852d7ca7f5a1931b91b0
Security Audit — socket — job-search