Skills
skills/mingli30119/stock-analysis/stock-analysis-enhanced/Socket

stock-analysis-enhanced

Warn

Audited by Socket on Jun 1, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS:技能的股票分析目的与本地数据采集/HTML生成能力基本匹配,但MCP安装与凭据链路存在明显不一致。最主要问题是 `.mcp.json` 中使用的 npx 包名与官方文档不符,导致把 ZHIPU_API_KEY 交给错误npm包的供应链/凭据转发风险;其余命令和文件访问大体与声明用途相称,未见明确恶意窃密或隐蔽外传。

Confidence: 85%Severity: 68%
Audit Metadata
Analyzed At
Jun 1, 2026, 03:20 AM
Package URL
pkg:socket/skills-sh/mingli30119%2Fstock-analysis%2Fstock-analysis-enhanced%2F@7ca91c5b8ac0203af307c67ad5151aad9fb9e6df
Security Audit — socket — stock-analysis-enhanced