materialize-docs

Warn

Audited by Socket on Jun 12, 2026

2 alerts found:

SecurityAnomaly
SecurityMEDIUM
ingest-data/index.md
AnomalyLOW
ingest-data/webhooks/webhook-quickstart/index.md

No clear evidence of intentional malware (e.g., backdoor behavior, cryptomining, or forced exfiltration to hardcoded attacker infrastructure) is present in this snippet. However, the embedded generator contains several security-relevant design risks: (1) schema-driven eval(), which is strong client-side code-execution risk in a page context; (2) secret/API key is logged to the browser console and is sent in an Authorization-like header to a user-specified arbitrary endpoint; and (3) generated content is rendered via innerHTML without sanitization, creating DOM injection/XSS risk within the page. Treat this fragment as unsafe to copy into production without hardening (remove eval, avoid innerHTML, minimize secret logging, and restrict/validate destination).

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 12, 2026, 07:42 PM
Package URL
pkg:socket/skills-sh/materializeinc%2Fagent-skills%2Fmaterialize-docs%2F@3e9e117958e3ea5c8a284ac787291a3ca3eb9a70
Security Audit — socket — materialize-docs