native-web-search

Warn

Audited by Socket on May 14, 2026

1 alert found:

Anomaly
AnomalyLOW
search.mjs

No clear evidence of classic malware is visible in this module fragment. However, the tool substantially increases supply-chain/side-loading risk by dynamically importing JavaScript modules from filesystem paths influenced by environment variables and heuristic directory probing; if an attacker can control PI_AI_MODULE_PATH/PI_AI_OAUTH_MODULE_PATH or place malicious dist files at probed locations, import-time arbitrary code execution is plausible. Additionally, it refreshes and persists OAuth credentials to auth.json, which raises the impact of any compromise. Otherwise, network calls appear limited to expected upstream LLM/web-search APIs and results are printed to stdout.

Confidence: 60%Severity: 63%
Audit Metadata
Analyzed At
May 14, 2026, 10:15 AM
Package URL
pkg:socket/skills-sh/mitsuhiko%2Fagent-commands%2Fnative-web-search%2F@47242ea93abbc2b44799734e817321790cdd3195
Security Audit — socket — native-web-search