bg3se-macos-ghidra

Warn

Audited by Socket on Jun 24, 2026

1 alert found:

Anomaly
AnomalyLOW
references/offset-discovery.md

No explicit malicious payload (no exfiltration, persistence, credential theft, command execution, or network activity) is evidenced in the provided fragment. However, it documents high-capability techniques for dynamic library/symbol resolution and reading/dereferencing internal process memory via computed offsets (including mach_vm_read and pattern scanning). This capability is inherently security-sensitive: it can be used for cheating/unauthorized introspection and can cause stability issues if validation is weak. Assess the actual implementation of the implied functions (pattern_scan/runtime_addr/safe_read integration) and any runtime hooks to confirm whether the behavior is limited to benign modding or could be repurposed for harmful actions.

Confidence: 60%Severity: 55%
Audit Metadata
Analyzed At
Jun 24, 2026, 12:10 PM
Package URL
pkg:socket/skills-sh/tdimino%2Fbg3se-macos%2Fbg3se-macos-ghidra%2F@1a670947e79ee959a2910a68c04311b313683096e58b567e2a1072eff6c91394
Security Audit — socket — bg3se-macos-ghidra