mdapi-conversion

Warn

Audited by Socket on Jun 26, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is mostly coherent as a document-conversion integration, but it sends user content to a third-party hosted API and includes autonomous payment capability. No clear malware or deceptive installer behavior is present, yet the combination of third-party content processing, token handling, and agent-driven payment makes the risk materially higher than a simple documentation skill.

Confidence: 84%Severity: 58%
Audit Metadata
Analyzed At
Jun 26, 2026, 10:40 PM
Package URL
pkg:socket/skills-sh/mdapiio%2Fmdapi.io%2Fmdapi-conversion%2F@97fa5dc113eb65279daf6590c5e84d506c729d92429c754034200afb33a1d3d4
Security Audit — socket — mdapi-conversion