lexi
Warn
Audited by Socket on May 22, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The stated purpose and visible local file access are coherent, and there is no explicit credential harvesting or network exfiltration in the skill text. However, the entire workflow relies on an unverifiable bundled honne executable/script with no public release trail or provenance evidence, which creates a high supply-chain trust risk disproportionate to the transparency provided.
Confidence: 85%Severity: 70%
Audit Metadata