polish

Warn

Audited by Socket on Jun 13, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the core prose-polishing purpose is coherent and the local file/tool scope is proportionate, but the skill’s main functionality relies on transitive installation/use of two unverified third-party skills. With no direct credential access, shell execution, or explicit exfiltration in this file, this is not malware, but the dependency trust chain makes it medium risk.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 13, 2026, 05:56 PM
Package URL
pkg:socket/skills-sh/SipengXie2024%2Fsuperpower-writing%2Fpolish%2F@28dca4e6d4783e4d0c0b2fa598da234c834b51f5f3fedf9cee07f56450f09ddf
Security Audit — socket — polish