goofish-search-list

Warn

Audited by Socket on Jun 13, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill’s purpose and core capabilities mostly align with Goofish search scraping, but its trust footprint is broader than necessary. The main concerns are execution of Python-generated shell via eval and reliance on browser-act, an external browser-control tool with access to logged-in session state but without strong release verification evidence in the reviewed sources. No clear credential harvesting or off-purpose exfiltration is shown, so this is not confirmed malware.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 13, 2026, 04:39 AM
Package URL
pkg:socket/skills-sh/browser-act%2Fskills%2Fgoofish-search-list%2F@c81ec9cf438bd3a6577e8b31c3e94b09a3181724a74bc0c5435c369c49d54ae5
Security Audit — socket — goofish-search-list