stock-report

Warn

Audited by Socket on Mar 25, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the stated purpose is plausible for a stock-report skill, but the actual execution depends on an unverifiable local Python script in a personal directory. There is no confirmed malware or explicit credential theft in the visible skill text, yet the core behavior cannot be audited and the broad Bash execution scope is disproportionate to a simple reporting wrapper.

Confidence: 84%Severity: 74%
Audit Metadata
Analyzed At
Mar 25, 2026, 08:23 AM
Package URL
pkg:socket/skills-sh/okikusan-public%2Fstock_skills%2Fstock-report%2F@524ec8e8c5d7e23d837f6d246459414d6d61a383
Security Audit — socket — stock-report