project-sanitizer

Warn

Audited by Socket on Jun 30, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/sanitize_project.sh

This module is a local, highly destructive sanitization/rewriting script: it recursively scans a user-supplied directory (excluding .git), then deletes specified directories/files and edits text in-place to remove or replace reverse-engineering/rebranding and cracking/trial/license-related strings (including Chinese terms). It shows no malware mechanics (no networking, persistence, credential theft, or remote payload execution). However, due to rm -rf usage and explicit removal of “CRACKED/fake” and licensing/trial indicators, it presents a moderate security risk in a supply-chain context if distributed unvetted or used against unintended targets.

Confidence: 60%Severity: 60%
Audit Metadata
Analyzed At
Jun 30, 2026, 02:02 PM
Package URL
pkg:socket/skills-sh/leeguooooo%2Fproject-sanitizer-skill%2Fproject-sanitizer%2F@b3b5f59fc183c9b6e03ab0ecdaa1739397e73ed7
Security Audit — socket — project-sanitizer