processon-diagram-generator
Warn
Audited by Socket on May 18, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: The core ProcessOn integration is coherent with diagram generation, but the skill adds unnecessary trust-expanding behavior: mandatory remote version polling, explicit credential-file reads, and transitive self-update instructions via a remote GitHub URL. I found no confirmed malware or clear exfiltration to non-ProcessOn endpoints, but the install/update and credential-handling patterns raise medium risk.
Confidence: 87%Severity: 66%
Audit Metadata