processon-diagram-generator

Warn

Audited by Socket on May 18, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The core ProcessOn integration is coherent with diagram generation, but the skill adds unnecessary trust-expanding behavior: mandatory remote version polling, explicit credential-file reads, and transitive self-update instructions via a remote GitHub URL. I found no confirmed malware or clear exfiltration to non-ProcessOn endpoints, but the install/update and credential-handling patterns raise medium risk.

Confidence: 87%Severity: 66%
Audit Metadata
Analyzed At
May 18, 2026, 03:10 PM
Package URL
pkg:socket/skills-sh/processonai%2Fprocesson-skills%2Fprocesson-diagram-generator%2F@92b95c54d1724af807a26672234a95aa80e99277
Security Audit — socket — processon-diagram-generator