imagine

Warn

Audited by Socket on Jun 23, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/generate.js

No strong indicators of intentional malware within this module (no eval/Function, no remote exfiltration to external domains, and no credential harvesting/persistence). However, the module does execute external code via runtime `npx openai-oauth` (supply-chain risk) and can disrupt local services by killing processes on a fixed port. It also records the full user prompt and output metadata to a local JSONL history file and writes decoded base64 images to a directory derived from user/config inputs without path sanitization, which can increase local-file-write and privacy risk in a misused context.

Confidence: 62%Severity: 55%
Audit Metadata
Analyzed At
Jun 23, 2026, 04:46 PM
Package URL
pkg:socket/skills-sh/mineru98%2Fskills-store%2Fimagine%2F@19e5d94d2d511480345f88977fa49ec9e73ac4d93478d456da71ae2d3f760ffd
Security Audit — socket — imagine