ai-feedback-collector-zh

Warn

Audited by Socket on Jun 13, 2026

1 alert found:

Anomaly
AnomalyLOW
scripts/create_issue.sh

This is primarily a webhook-posting utility that can transmit local issue content to a remote endpoint. The most significant security concern is the hardcoded default destination: an external IP over plain HTTP on a nonstandard port, combined with optional transmission of WEBHOOK_SECRET as an HTTP header. This creates a realistic risk of unintended data exfiltration or credential/secret exposure if WEBHOOK_URL is not explicitly controlled and/or if the default is left in place. There are no strong indicators of embedded malware or backdoor behavior in the provided code fragment, but the outbound network behavior warrants review and approval within the broader supply-chain context.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 13, 2026, 08:40 AM
Package URL
pkg:socket/skills-sh/openharmonyinsight%2Fopenharmony-skills%2Fai-feedback-collector-zh%2F@9bd13297ffa576e2b071f9e303a4aa9c5ef92c4c6691c95d7d46fbd23f89724f
Security Audit — socket — ai-feedback-collector-zh