ccx-flow

Fail

Audited by Socket on Jun 23, 2026

1 alert found:

Malware
MalwareHIGH
SKILL.md

该技能目的与“本地上下文注入桥接”基本一致,但实现方式包含高危的加载时预执行,尤其是通过 npx 执行第三方包。这种在用户批准前运行外部代码的模式与安全边界不相称,应判为可疑且高风险;未见明确第三方外传证据,因此更像高危脆弱技能而非已确认恶意窃密。

Confidence: 91%Severity: 97%
Audit Metadata
Analyzed At
Jun 23, 2026, 05:32 AM
Package URL
pkg:socket/skills-sh/Lionad-Morotar%2Fcc-expand%2Fccx-flow%2F@dee81af6bd24238b5ea58766b7bc427292536c7ebbc7643c86f531071c3e0be4
Security Audit — socket — ccx-flow