substack-skill

Warn

Audited by Socket on Jul 5, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill is broadly aligned with its stated Substack-post management purpose and does not show obvious malware or third-party credential harvesting, but it uses an unofficial internal API plus a copied browser session cookie with high account privilege. That credential model and the ability to publish/email subscribers create meaningful security risk even though the data flow stays on Substack and the skill includes a confirmation safeguard.

Confidence: 89%Severity: 58%
Audit Metadata
Analyzed At
Jul 5, 2026, 06:06 PM
Package URL
pkg:socket/skills-sh/idanbeck%2Fclaude-skills%2Fsubstack-skill%2F@17921cfd58e456cee115950b51a71acea0de4ba6600fb92f2bc4edbb5edbc50d
Security Audit — socket — substack-skill