lavish

Warn

Audited by Socket on Jul 1, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

Mostly coherent with its stated purpose of visual artifact review, but it relies on an unpinned external CLI run via `npx` and feeds untrusted browser annotations back into an agent that can modify files and execute commands. This is better classified as suspicious/medium risk due to supply-chain and prompt-injection exposure, not confirmed malicious behavior.

Confidence: 74%
Severity: 57%

Audit Metadata

Analyzed At: Jul 1, 2026, 04:38 PM
Package URL: pkg:socket/skills-sh/kunchenguid%2Flavish-axi%2Flavish%2F@997ac837f10defbc888f337e6fb70ed52a9944e4c681b5ca48a25e0bd8653340
Security Audit — socket — lavish