skill-publisher

Warn

Audited by Socket on Jun 11, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

整体更像一个与目的一致的发布自动化技能,而非恶意窃密技能。但其核心脚本未提供、且验证流程引入第三方 `skills` CLI,带来可观但非致命的供应链与执行信任风险。判定为 SUSPICIOUS 偏低:用途合理,风险主要来自未审计脚本和外部 CLI。

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 11, 2026, 03:36 PM
Package URL
pkg:socket/skills-sh/joeseesun%2Fqiaomu-skill-publisher%2Fskill-publisher%2F@8bd944b7723e710d38f9fa4034e8ba6addbbdfed
Security Audit — socket — skill-publisher