zergscholar

Warn

Audited by Socket on Jul 5, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

The skill's behavior is largely consistent with its stated sync purpose: it reads local notes/PDFs, writes linked metadata, and sends content to the named ZergScholar service. The main concerns are moderate trust and privacy risks from storing a write-scoped token locally, using a platform-hosted fly.dev endpoint, and lacking verifiable provenance for the referenced local bridge script. Overall this looks coherent rather than overtly malicious, but it should be treated as medium risk and used only if the service and script source are trusted.

Confidence: 82%Severity: 56%
Audit Metadata
Analyzed At
Jul 5, 2026, 06:06 PM
Package URL
pkg:socket/skills-sh/idanbeck%2Fclaude-skills%2Fzergscholar%2F@8f2cc60ca18ef3f1712885273cb77cef8480aef3bb5a1f82f05d2cedb2f30430
Security Audit — socket — zergscholar