osmo-admin

Warn

Audited by Socket on Jun 24, 2026

1 alert found:

Anomaly
AnomalyLOW
evals/config.yml

This YAML fragment contains no explicit malicious logic, but it substantially increases supply-chain risk by (1) forcing Bash to source an external file via BASH_ENV and (2) executing another external shell script from /workspace/input. Any tampering with the referenced scripts could result in arbitrary command execution, so the referenced files should be integrity-checked/audited before use.

Confidence: 45%Severity: 62%
Audit Metadata
Analyzed At
Jun 24, 2026, 11:41 PM
Package URL
pkg:socket/skills-sh/NVIDIA%2Fosmo%2Fosmo-admin%2F@5e31d8e8be5b87aa0e23fde9de8e1961258061e5b0231373771cefe48ee4d8ac
Security Audit — socket — osmo-admin