niche-evaluator

Warn

Audited by Socket on Jun 26, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the core capability matches the stated niche-evaluation purpose, but the skill routes all data and credentials through a configurable NexScope proxy rather than official source APIs. There is no clear malware behavior or deceptive install chain, yet the intermediary data flow and credential forwarding make the skill a medium security risk.

Confidence: 84%Severity: 58%
Audit Metadata
Analyzed At
Jun 26, 2026, 04:16 AM
Package URL
pkg:socket/skills-sh/nexscope-ai%2Fnexscope-ecommerce-skills%2Fniche-evaluator%2F@6971dc815eacd4aeb2a88b83f8ede429fe5cde63e6c53fb2c10a45e27d6a4026
Security Audit — socket — niche-evaluator