yuque-document-management

Warn

Audited by Socket on May 18, 2026

1 alert found:

Anomaly
AnomalyLOW
CleanData.cs

This module is not indicative of covert malware (no exfiltration, credential theft, obfuscation, or command execution observed). However, it is intentionally destructive and carries significant security/operational risk: it drops configured KV stores, deletes local cache/task JSON files under a configurable WorkingDir, deletes Qdrant collections by prefix, and performs an unscoped Neo4j DETACH DELETE of all nodes in the connected database. If run with incorrect configuration or in production, it can cause severe data loss; review for invocation controls (environment gating, confirmations, stricter scoping for Neo4j/files) before use.

Confidence: 70%Severity: 66%
Audit Metadata
Analyzed At
May 18, 2026, 03:19 AM
Package URL
pkg:socket/skills-sh/doomclouds%2Flightragnet%2Fyuque-document-management%2F@311a0bf752ea11bd0c1a62b36e0b7536c80832e5
Security Audit — socket — yuque-document-management