nv-segment-ctmr

Warn

Audited by Socket on Jun 18, 2026

1 alert found:

Anomaly
AnomalyLOW
BENCHMARK.md

This fragment provides no direct skill source code, but it reports a meaningful static finding around process execution (`subprocess.run` with `cmd` and a custom environment) and broader Bash/least-privilege concerns (environment manipulation and file I/O). The fragment contains no explicit evidence of malware behaviors like data exfiltration or persistence; however, subprocess/shell execution creates a security-relevant risk surface that should be manually reviewed—specifically whether `cmd` is fixed/allowlisted, whether untrusted inputs can influence command arguments, what `run_env` contains, and where captured outputs are handled.

Confidence: 52%Severity: 62%
Audit Metadata
Analyzed At
Jun 18, 2026, 04:35 PM
Package URL
pkg:socket/skills-sh/promptingcompany%2Fnv-skills%2Fnv-segment-ctmr%2F@90d35b6f9f6087926ae248aa37432c7962b205b90441867e68add0d4364a92d6
Security Audit — socket — nv-segment-ctmr