content-writer

Fail

Audited by Socket on May 29, 2026

2 alerts found:

AnomalyMalware
AnomalyLOW
scripts/postinstall.js

This module is primarily a local installer/updater that deploys packaged markdown/reference files into a user-controlled directory under ~/.claude/skills, records a local version marker, and removes an older directory before installing. The principal supply-chain/security risk in this snippet is the unconditional capability (when present) to execute a bundled shell script via execSync, which can perform arbitrary actions at install time; the provided code does not validate or inspect that script’s contents. Aside from that execution vector and the destructive recursive delete, there are no direct indicators of malware, obfuscation, or data theft/network exfiltration within the shown code.

Confidence: 66%Severity: 58%
MalwareHIGH
package.json

This package runs a local postinstall script and also declares a dependency on a package with the exact same name as itself. The postinstall script must be inspected before installing to ensure it does not perform malicious actions (exfiltrate data, execute untrusted code, modify system/git configuration, spawn shells). The self-dependency is an unusual and suspicious pattern that raises the likelihood of a supply-chain or malicious packaging attempt.

Confidence: 80%Severity: 90%
Audit Metadata
Analyzed At
May 29, 2026, 05:50 AM
Package URL
pkg:socket/skills-sh/sociilabs%2Fclaude-content-writer%2Fcontent-writer%2F@aa7376fa9ed933b9f487a0698bae5a68607906de
Security Audit — socket — content-writer