security-payloads

Warn

Audited by Socket on Jun 14, 2026

2 alerts found:

Security, MEDIUM: SKILL.md
Anomaly, LOW: references/Payloads/README.md

No dependency implementation code is provided—only descriptive content for crafted exploit/test files (resource exhaustion via image/GIF bombs, AV detection via EICAR, SWF-based XSS PoC, and ZIP filename tricks targeting PHPinfo/blacklist bypass). This fragment alone does not demonstrate supply-chain malware (no executable behavior is shown), but it indicates an offensive-security payload collection that could be harmful if packaged/distributed or used by other tooling in a target environment. Recommend obtaining and reviewing the actual package source/build artifacts to assess whether it merely contains test payloads or also includes runtime/malicious code.

Confidence: 100%
Severity: 60%

Audit Metadata

Analyzed At: Jun 14, 2026, 07:16 AM
Package URL: pkg:socket/skills-sh/Eyadkelleh%2Fawesome-skills-security%2Fsecurity-payloads%2F@4d0e12a5722f1d431329373556df19544f3ab311a4533c710aede97658ba04a3