sales-voicetonotes
Audited by Socket on Apr 20, 2026
2 alerts found:
AnomalyObfuscated FileSUSPICIOUS: The core VoiceToNotes help behavior is mostly coherent and low risk, but the skill unnecessarily includes transitive installation of another skill via unpinned `npx`. That external trust expansion is not needed for product-support guidance and raises medium supply-chain risk, though there is no evidence of credential theft, exfiltration, or overtly malicious behavior.
No executable code or direct malware behavior is present. The primary security concerns are governance and documentation risks that could enable misrepresentation or misconfiguration when implementing the real product. To ensure security, verify implementation details for API handling, data retention, data-sharing policies, and compliance controls in the actual codebase and API client libraries.