gooseworks-master

Warn

Audited by Socket on Apr 13, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The skill’s purpose broadly matches data gathering, but its actual footprint is much larger: it reads local credentials, pulls remote instructions/scripts/files, installs dependencies, executes fetched code, and chains additional dependency skills. The Orthogonal proxy also routes API calls through GooseWorks instead of direct provider endpoints, creating intermediary data-flow and trust concerns. This is not confirmed malware, but it is a high-risk meta-skill with significant supply-chain and transitive-trust exposure.

Confidence: 87%
Severity: 89%

Audit Metadata

Analyzed At: Apr 13, 2026, 12:09 PM
Package URL: pkg:socket/skills-sh/gooseworks-ai%2Fgooseworks%2Fgooseworks-master%2F@1a91de467e806e3fbdc8a3c03fd508cffcef3078