avatar-ambient-sfx

Warn

Audited by Socket on Jul 10, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

Purpose and media-processing behavior are coherent, and the only named external service is the official ElevenLabs API. The main issue is transitive trust: this skill depends on unverified local executable scripts from another skill and passes an API key into them, which raises security risk substantially even without evidence of confirmed malware.

Confidence: 84%Severity: 80%
Audit Metadata
Analyzed At
Jul 10, 2026, 01:41 AM
Package URL
pkg:socket/skills-sh/puntorigen%2Favatar-skills%2Favatar-ambient-sfx%2F@08141acf7ed0b51ee4e75e3216e252e8eb3084e8e35ebe62324e3da47fd34d8e