skills/jeremylongshore/claude-code-plugins-plus-skills/secret-scanner/Socket

secret-scanner

Warn

Audited by Socket on May 4, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

SUSPICIOUS: The skill is not overtly malicious and shows no credential harvesting or exfiltration path, but its broad Bash(npm:*) permission is disproportionate to a generic secret-scanner helper and introduces medium supply-chain risk through arbitrary npm package execution.

Confidence: 86%Severity: 58%

Audit Metadata

Analyzed At

May 4, 2026, 02:30 PM

Package URL

pkg:socket/skills-sh/jeremylongshore%2Fclaude-code-plugins-plus-skills%2Fsecret-scanner%2F@178328bfa12450279a2a28b13afc5394685585da