customer-persona

Warn

Audited by Socket on May 14, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill's core behavior is mostly aligned with persona research and avatar generation, and the `belt` installer appears to be an official same-org distribution path. Risk comes from relying on a third-party orchestration CLI for all network/data flows, broad belt-enabled Bash scope, and explicit transitive installation of additional skills. No strong evidence of credential theft or malicious exfiltration, but the trust and scope footprint is broader than a narrowly scoped persona template skill.

Confidence: 82%Severity: 53%
Audit Metadata
Analyzed At
May 14, 2026, 02:28 AM
Package URL
pkg:socket/skills-sh/inference-sh-skills%2Fskills%2Fcustomer-persona%2F@05d049235ad6ae06d978e656a7e91fdc19b92b36
Security Audit — socket — customer-persona