last30days-cn
Audited by Socket on Jun 19, 2026
2 alerts found:
Anomalyx2SUSPICIOUS: the stated purpose is legitimate and mostly aligned with a multi-platform research skill, but the footprint is broad for a single skill: many optional credentials, external crawling/search, Bash+Write access, and unseen local scripts. No clear malware indicators or deceptive installer are present, but data-flow integrity cannot be confirmed and the untrusted-content + execution-capable toolset makes this a medium-risk research skill.
This fragment is primarily a lifecycle hook configuration that triggers `bash` to execute a local `check-config.sh` script on SessionStart. No explicit malicious behavior is visible in the snippet itself, but it introduces a moderate supply-chain/path-integrity risk by performing shell command execution using a runtime-resolved root path. Verification requires reviewing the actual `check-config.sh` contents and ensuring `${CLAUDE_PLUGIN_ROOT}` and the script file are protected from tampering (e.g., by signed artifacts, locked dependencies, and verified installation paths).