auth

Warn

Audited by Socket on Apr 21, 2026

1 alert found:

Security: MEDIUM
SKILL.md

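The skill's functional scope is largely consistent with its stated "authentication / identity switching" purpose, but the core risk is that it requires the agent to hand highly sensitive credentials to a contract-cli whose publishing source could not be verified, and to complete login and token exchange through an authentication endpoint whose official domain is not disclosed. Under the mandatory rule for unverifiable binaries that receive credentials, it should be classified as SUSPICIOUS. The overall security risk is high, but there is no direct evidence of malicious exfiltration, so it does not reach the level of confirmed malicious.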

Confidence: 86%
Severity: 84%
Audit Metadata
Analyzed At: Apr 21, 2026, 02:50 AM
Package URL: pkg:socket/skills-sh/qfeius%2Fcontract-cli%2Fauth%2F@93c8abe25deb5f1d02e2e407167d5e9f00bcedd6
Security Audit — socket — auth