publish-social

Warn

Audited by Socket on Jul 4, 2026

2 alerts found:

AnomalySecurity
AnomalyLOW
SKILL.md

SUSPICIOUS. The stated purpose matches social publishing, and the named Typefully/CSV workflows are plausible, but the skill handles raw local credentials and enables live posting across 9 platforms while relying on an unnamed browser-automation layer. No confirmed malware or explicit exfiltration is visible, yet the combination of credential auto-detection, public-action capability, and unverifiable automation makes this medium risk.

Confidence: 79%Severity: 61%
SecurityMEDIUM
references/session-cookie-export.md
Audit Metadata
Analyzed At
Jul 4, 2026, 10:17 PM
Package URL
pkg:socket/skills-sh/hungv47%2Fmeta-skills%2Fpublish-social%2F@2283e7fa39ae13bfd5b28a7e0f9a86ce456246e34cce87776a484957d54c3283
Security Audit — socket — publish-social