skills/pivanov/ai-skills/ask-json/Socket

ask-json

Warn

Audited by Socket on May 8, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

The skill's stated purpose and behavior are broadly aligned: it wraps model calls to return typed JSON. The main risk is install/execution trust, because it depends on a third-party CLI package and even suggests `npx` as fallback. No clear credential theft or deceptive exfiltration is shown, but the extra intermediary and package-execution path make this better classified as suspicious/medium risk rather than benign.

Confidence: 79%Severity: 56%

Audit Metadata

Analyzed At

May 8, 2026, 09:59 PM

Package URL

pkg:socket/skills-sh/pivanov%2Fai-skills%2Fask-json%2F@efb1ffa1354af317eedf052417acbf930848b218