huashu-nuwa

Fail

Audited by Socket on Jun 23, 2026

2 alerts found:

AnomalyObfuscated File
AnomalyLOW
examples/mrbeast-perspective/SKILL.md

SUSPICIOUS. The skill’s stated purpose is mostly coherent with content research and analysis, and there is no clear credential harvesting or malicious exfiltration path. However, it expands into tool-driven research and execution via undocumented local scripts—especially a subtitle-downloading shell script—without provenance, source, or endpoint clarity, creating moderate security risk and a trust gap disproportionate to a simple persona/advice skill.

Confidence: 84%Severity: 56%
Obfuscated FileHIGH
examples/sun-yuchen-perspective/references/research/02-conversations.md

The provided fragment is a non-executable informational dossier with references. There is no code-level malware, no data flow that could enable supply-chain compromise, and no runtime security risk inherent to the fragment itself. Risk considerations are primarily reputational and informational; treat as documentation and ensure any downstream usage does not automatically execute or deserialize external content.

Confidence: 90%
Audit Metadata
Analyzed At
Jun 23, 2026, 12:30 AM
Package URL
pkg:socket/skills-sh/oldwinter%2Fskills%2Fhuashu-nuwa%2F@c084814ca074134c435733224015db32b500056244172ccd2c8675563d91ec15
Security Audit — socket — huashu-nuwa