person-lookup
Warn
Audited by Socket on Jul 2, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill’s core capability matches its purpose, but it relies on reading a local credential file and sending both queries and bearer-authenticated requests through a Gooseworks proxy rather than direct official provider endpoints. That intermediary data flow and raw credential handling are the main risks, while the same-org npm setup path keeps this below malicious.
Confidence: 87%Severity: 62%
Audit Metadata