sales-voicetonotes

Fail

Audited by Socket on Apr 20, 2026

2 alerts found:

AnomalyObfuscated File
AnomalyLOW
SKILL.md

SUSPICIOUS: The core VoiceToNotes help behavior is mostly coherent and low risk, but the skill unnecessarily includes transitive installation of another skill via unpinned `npx`. That external trust expansion is not needed for product-support guidance and raises medium supply-chain risk, though there is no evidence of credential theft, exfiltration, or overtly malicious behavior.

Confidence: 87%Severity: 58%
Obfuscated FileHIGH
references/platform-guide.md

No executable code or direct malware behavior is present. The primary security concerns are governance and documentation risks that could enable misrepresentation or misconfiguration when implementing the real product. To ensure security, verify implementation details for API handling, data retention, data-sharing policies, and compliance controls in the actual codebase and API client libraries.

Confidence: 98%
Audit Metadata
Analyzed At
Apr 20, 2026, 06:42 PM
Package URL
pkg:socket/skills-sh/sales-skills%2Fsales%2Fsales-voicetonotes%2F@d5f8084aa86b13c01490ac56eecaa2eb2662344f
Security Audit — socket — sales-voicetonotes