person-lookup

Warn

Audited by Socket on Jul 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s core capability matches its purpose, but it relies on reading a local credential file and sending both queries and bearer-authenticated requests through a Gooseworks proxy rather than direct official provider endpoints. That intermediary data flow and raw credential handling are the main risks, while the same-org npm setup path keeps this below malicious.

Confidence: 87%Severity: 62%
Audit Metadata
Analyzed At
Jul 2, 2026, 06:17 AM
Package URL
pkg:socket/skills-sh/athina-ai%2Fgoose-skills%2Fperson-lookup%2F@c5bf76516e95571bc6566a2cce957f07185db5028323172da97a9e91e28508f9
Security Audit — socket — person-lookup