lexi

Warn

Audited by Socket on May 22, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The stated purpose and visible local file access are coherent, and there is no explicit credential harvesting or network exfiltration in the skill text. However, the entire workflow relies on an unverifiable bundled honne executable/script with no public release trail or provenance evidence, which creates a high supply-chain trust risk disproportionate to the transparency provided.

Confidence: 85%Severity: 70%
Audit Metadata
Analyzed At
May 22, 2026, 03:49 AM
Package URL
pkg:socket/skills-sh/jazz1x%2Fhonne%2Flexi%2F@745cea1e5e6383a3845938296f7a033f5cda032e
Security Audit — socket — lexi