minecraft-modpack-server

Warn

Audited by Socket on May 16, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the skill’s purpose is coherent, and most actions match Minecraft server setup, but it tells the agent to fetch an arbitrary server-pack ZIP and execute included scripts/jars without validating source, checksums, or signatures. This is primarily a supply-chain risk rather than confirmed malware; no credential harvesting or off-platform data exfiltration is evident.

Confidence: 87%Severity: 72%
Audit Metadata
Analyzed At
May 16, 2026, 01:47 PM
Package URL
pkg:socket/skills-sh/NousResearch%2Fhermes-agent%2Fminecraft-modpack-server%2F@d46e455a65cb2c938f1401800da5f27dff0dff6e
Security Audit — socket — minecraft-modpack-server