skills/chenxiachan/xhs-claude-skills/xhs/Socket

xhs

Warn

Audited by Socket on Apr 1, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

SUSPICIOUS。技能的核心目的与抓取/转录/保存基本一致，数据主要流向小红书官方域和本地 Obsidian；但它要求读取原始 cookies 文件并发起带凭证请求，且示例代码禁用 TLS 校验，这是严重且不必要的安全弱化。额外读取广泛的 Claude memory 也超出最小必要范围，因此整体更像高风险易泄露的自动化技能，而非明确恶意。

Confidence: 90%Severity: 79%

Audit Metadata

Analyzed At

Apr 1, 2026, 09:05 AM

Package URL

pkg:socket/skills-sh/chenxiachan%2Fxhs-claude-skills%2Fxhs%2F@81c8dfccb260ff6dcb0d0bc98f19d25e1f146521