model-list

Warn

Audited by Socket on May 6, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

该技能用途与“查询网关模型列表”基本一致，没有明显越权文件读取或隐藏执行，整体不像恶意技能；但其默认将 API Key 发送到无法充分验证归属的第三方网关，并允许重定向到任意 URL，数据流与凭证信任边界偏弱。结论：SUSPICIOUS。

Confidence: 84%Severity: 63%

Audit Metadata

Analyzed At

May 6, 2026, 02:13 AM

Package URL

pkg:socket/skills-sh/nmvr2600%2Ftiny-llm-proxy%2Fmodel-list%2F@1ae8cd8aae6fecefac4fef2fa298816bfc94eccb