send-file

Warn

Audited by Socket on Jun 18, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/send-file.ts

This module itself contains no obvious obfuscation or explicit malicious logic, but it is a permissioned CLI wrapper that delegates to `callSkillApi` to perform a 'send-file' operation using a user-supplied local file path and a user-supplied remote API URL. The code lacks validation/allowlisting for both the destination and the file path, so the security posture depends heavily on the (missing) `../../lib/client.ts` implementation. Overall, it has a medium security risk primarily due to exfiltration-enabling data-flow shape and broad runtime permissions, not confirmed malware.

Confidence: 56%Severity: 62%
Audit Metadata
Analyzed At
Jun 18, 2026, 05:05 AM
Package URL
pkg:socket/skills-sh/jim60105%2FAIr-Friends%2Fsend-file%2F@d161854fcac21b7b2aceede203d8ba36c76ef216cf8fd65f804e0d9a3ea9d2f4
Security Audit — socket — send-file