rust-lsp

Warn

Audited by Socket on Apr 1, 2026

1 alert found:

Anomaly (LOW)
scripts/install.sh

No explicit malware or credential/data-exfiltration behavior is visible in this snippet. The primary finding is supply-chain exposure: it installs a Rust LSP plugin by pulling unpinned remote Git source and building/installing it at run time, without integrity/provenance verification. This should be mitigated by pinning to a specific commit/tag and verifying expected checksums/signatures, or by using a reviewed release artifact with locked dependencies.

Confidence: 62%
Severity: 66%

Audit Metadata
Analyzed At: Apr 1, 2026, 06:39 PM
Package URL: pkg:socket/skills-sh/fedemagnani%2Frust-lsp-plugin%2Frust-lsp%2F@9cc01e361120026c5c3c4b1377ea9be769783aef