skills/magic-meal-kits/mmk-skills/mmk-paymint/Socket

mmk-paymint

Warn

Audited by Socket on Mar 26, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

SUSPICIOUS. The skill’s purpose matches its billing capabilities, but it relies on an unverifiable private CLI and enables consequential payment/refund actions. The fragment shows no direct exfiltration or overtly malicious behavior, yet the required black-box executable creates a high supply-chain risk.

Confidence: 85%Severity: 78%

Audit Metadata

Analyzed At

Mar 26, 2026, 06:02 AM

Package URL

pkg:socket/skills-sh/magic-meal-kits%2Fmmk-skills%2Fmmk-paymint%2F@bcf57decfbc36e836cd779d5c150c0ea7e2daa89