blink-fetch
Warn
Audited by Socket on Jun 16, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill is honest about using Blink as a proxy, but its real data flow sends arbitrary request data and potentially sensitive auth headers through a third-party intermediary instead of directly to target services. Install provenance appears same-org and not overtly malicious, yet the proxy-based credential and content forwarding makes this a medium-high security risk for a general-purpose fetch skill.
Confidence: 100%Severity: 60%
Audit Metadata