skills/hanzhcn/laohan-skills/laohan-gengxin/Snyk

laohan-gengxin

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W013: Attempt to modify system services in skill instructions.

Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill intentionally runs installation/updating commands and service restarts (e.g., brew/npm/pip installs, npx -g, running maintenance scripts, launchctl kickstart) which modify the machine state after user confirmation, but it does not request sudo or instruct bypassing security mechanisms or creating system users, so the risk is present but limited.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Hidden Unicode characters detected (1 type(s) found)

Issues (2)

W013

MEDIUM

Attempt to modify system services in skill instructions.

W021

MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 12, 2026, 11:04 PM

Issues

2

Security Audit — snyk — laohan-gengxin