avatar-ambient-sfx
Warn
Audited by Socket on Jul 10, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
Purpose and media-processing behavior are coherent, and the only named external service is the official ElevenLabs API. The main issue is transitive trust: this skill depends on unverified local executable scripts from another skill and passes an API key into them, which raises security risk substantially even without evidence of confirmed malware.
Confidence: 84%Severity: 80%
Audit Metadata