yapi

Warn

Audited by Socket on May 16, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the core YApi query/sync behavior is coherent, but the install path is not fully self-contained. The transitive skill installation, naming mismatch, and extra browser automation dependency raise supply-chain and trust concerns disproportionate to a simple docs helper, even though the main data flow to a configured YApi server appears legitimate.

Confidence: 82%Severity: 74%
Audit Metadata
Analyzed At
May 16, 2026, 07:24 AM
Package URL
pkg:socket/skills-sh/leeguooooo%2Fcross-request-master%2Fyapi%2F@654750dcea97762db5a97fab850da5f81a4710e8
Security Audit — socket — yapi