main

Warn

Audited by Socket on Jun 13, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core routing, `.writing/` management, and claim-enforcement behavior fit the stated academic-writing purpose, so this is not fundamentally incompatible or overtly malicious. Risk comes from conditional forwarding of Zotero credentials to a third-party `zotero-mcp` tool and from sending draft content through an unspecified 'Codex bridge' for external review; both extend trust beyond the local plugin and are only partially verified. Overall this is a coherent writing skill with medium security risk, mainly from third-party integration and unclear external data-routing details.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 13, 2026, 05:56 PM
Package URL
pkg:socket/skills-sh/SipengXie2024%2Fsuperpower-writing%2Fmain%2F@93a95f595598419e4dbf9b467817d11ad0d73d0e4e0808253665eaec802a6a55
Security Audit — socket — main