oma-design

Warn

Audited by Socket on Jun 13, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the core design-doc purpose is mostly coherent, but the optional getdesign path introduces medium supply-chain and trust-boundary risk through unpinned `bunx ...@latest` execution of a third-party package. No clear credential harvesting, secret-file access, stealth behavior, or confirmed malicious data exfiltration is present, so this is better classified as vulnerable/suspicious rather than malicious.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 13, 2026, 12:20 PM
Package URL
pkg:socket/skills-sh/gracefullight%2Fstock-checker%2Foma-design%2F@2c40dd42c1c2f30c31319ec6c1e7eacd95010f48e3e3b53dc7666270dced73c3
Security Audit — socket — oma-design