Utilities

Fail

Audited by Socket on Jun 30, 2026

9 alerts found:

Obfuscated Filex3Anomalyx5Security
Obfuscated FileHIGH
Fabric/Patterns/transcribe_minutes/system.md

All reports lack input code; cannot perform malware risk assessment from provided fragments. Recommend generating a synthesized risk profile and obtaining code/SBOM to enable proper analysis.

Confidence: 90%
AnomalyLOW
PAIUpgrade/SKILL.md

The PAIUpgrade fragment presents a coherent, multi-threaded upgrade analysis flow that leverages local state and internal tooling to produce structured upgrade reports. The most notable risks center on the mandatory localhost notification, potential data exposure from accessing sensitive local state, and reliance on local tooling (Anthropic.ts) whose integrity depends on trusted sources. Overall, classify as MEDIUM risk with privacy-sensitive data handling and operational exposure; mitigations should include explicit per-action prompts, strict filesystem permissions, validated local endpoints, and integrity checks for local tooling.

Confidence: 68%Severity: 60%
AnomalyLOW
CreateCLI/SKILL.md

SUSPICIOUS: the core CLI-generation purpose is mostly coherent, and referenced tool ecosystems are legitimate, but the mandatory pre-action background curl to an undocumented localhost notification service is disproportionate and creates an unnecessary hidden data flow. Main risk is forced network execution at skill invocation, not confirmed malware.

Confidence: 100%Severity: 60%
Obfuscated FileHIGH
Fabric/Patterns/write_essay_pg/system.md

The three reports are unsatisfactory for security analysis because none include an actual code fragment to review. Report 3 is marginally better by explicitly stating the absence of code and requesting a fragment. An improved outcome is to provide a concrete template and a clear prompt for the user to supply the code fragment so a full security assessment can be performed.

Confidence: 90%
AnomalyLOW
Documents/Pptx/SKILL.md

SUSPICIOUS. The PPTX workflows and official-tool installs are mostly coherent, but the mandatory read of ~/.claude/PAI/SKILL.md is unrelated and over-scoped for a presentation skill, exposing personal context and internal operating data without clear need.

Confidence: 100%Severity: 60%
SecurityMEDIUM
Documents/Xlsx/SKILL.md
AnomalyLOW
Parser/SKILL.md

SUSPICIOUS: the skill’s main parsing purpose is plausible, but it requires an unrelated, silent, automatic curl POST to a local service before doing any work. That side effect is disproportionate to content parsing and weakens data-flow integrity, though there is no evidence of remote payload delivery or confirmed malware.

Confidence: 100%Severity: 60%
AnomalyLOW
Documents/Pdf/SKILL.md

SUSPICIOUS: the PDF functionality itself is benign and uses standard local tools, but the mandatory preload of ~/.claude/PAI/SKILL.md is not proportionate to PDF processing and exposes unrelated personal/operational context to the agent. Install trust is low-risk; the main concern is overbroad local context access and transitive instruction loading.

Confidence: 87%Severity: 56%
Obfuscated FileHIGH
Parser/Workflows/ParseContent.md

This workflow spec is not overtly malicious, but it has non-trivial supply-chain and privacy risks. Primary concerns: 1) arbitrary user-supplied content is forwarded to third-party closed-source services (data exfiltration/privacy risk), 2) implied execution of external CLI tools without mandated sanitization/sandboxing (command execution risk), and 3) the 'always output' resilience approach can persist partial sensitive data and mask failures. Recommended mitigations before deployment: restrict and log which domains/content are forwarded to external services; require explicit consent or redaction for potentially sensitive content; mandate sandboxed execution for external tools and sanitize inputs to any subprocess; add API key management, encryption-in-transit verification, and rate-limiting; and make validation errors and partial outputs explicit to users/operators.

Confidence: 90%
Audit Metadata
Analyzed At
Jun 30, 2026, 03:36 PM
Package URL
pkg:socket/skills-sh/danielmiessler%2FLifeOS%2Futilities%2F@077311a435a3ca8506fb4af96634b94690be93ed
Security Audit — socket — Utilities