llamaparse

Fail

Audited by Socket on Jun 19, 2026

1 alert found:

Obfuscated File
Obfuscated FileHIGH
scripts/example.ts

The code is a legitimate-looking client for uploading and parsing local files with LlamaCloud, but it carries moderate security risk due to its ability to upload arbitrary local files (potential data exfiltration), reuse of the API key in Authorization headers for presigned URL downloads, and writing remote filenames to disk without sanitization. There are no clear signs of intentional malware or backdoors. Treat usage as potentially dangerous in environments containing sensitive data and apply mitigations (restrict API key, sanitize filenames, avoid parsing secrets).

Confidence: 90%
Audit Metadata
Analyzed At
Jun 19, 2026, 12:02 AM
Package URL
pkg:socket/skills-sh/run-llama%2Fllamaparse-agent-skils%2Fllamaparse%2F@ec7cd4c1ad0ee7e9614175bea4c3da2c55625ff138faf76e0a39c4b52fc28742
Security Audit — socket — llamaparse