Skills
skills/tencent-lexiang/lexiang-cli/lx-url-route/Socket

lx-url-route

Warn

Audited by Socket on May 20, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

整体目的与能力基本一致:这是一个乐享 URL 到 `lx` CLI 的路由 skill,没有明显恶意窃密或越权行为。但它依赖一个公开上不可充分验证来源的已登录 `lx` 二进制,这带来显著供应链与凭据转交风险。结论为 SUSPICIOUS:更像内部生态下的实用 skill,而非确认恶意;高风险主要来自不可验证 CLI,而不是技能文本本身。

Confidence: 82%Severity: 80%
Audit Metadata
Analyzed At
May 20, 2026, 09:45 PM
Package URL
pkg:socket/skills-sh/tencent-lexiang%2Flexiang-cli%2Flx-url-route%2F@3abd6d315ec4c3ba3ee7ee11c60495c842bb4d0b
Security Audit — socket — lx-url-route