mailbox

Warn

Audited by Socket on Jun 17, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/mailbox.sh

Benign intent indicators are strong (local filesystem IPC, no network/exfiltration primitives, no obfuscation/dynamic execution). However, the module has a notable security flaw: agent ids are used verbatim to form filesystem paths, enabling directory traversal/path injection that can escape the intended mailbox root and lead to arbitrary file read/write (and unintended archiving) if ids/paths are attacker-controlled. Treat this as a security alert for any deployment where callers are not fully trusted.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 17, 2026, 10:30 AM
Package URL
pkg:socket/skills-sh/fuzzyfox%2Fskills%2Fmailbox%2F@eaf0f3c17a06b467c026ce1243e9c577175e9006cbb94134cdb6733532679c2c
Security Audit — socket — mailbox