openmaic-classroom

Warn

Audited by Socket on May 17, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能的业务目的基本合理，但其关键执行路径依赖个人仓库发布的通用 HTTP MCP 工具，并将 OpenMAIC accessCode 与课程内容交给该第三方代码处理。官方 OpenMAIC 服务本身看起来正常，主要风险来自不成比例的第三方安装与凭证转发，因此应判定为可疑而非确认恶意。

Confidence: 91%Severity: 88%

Audit Metadata

Analyzed At

May 17, 2026, 08:43 AM

Package URL

pkg:socket/skills-sh/Tencent%2FWeKnora%2Fopenmaic-classroom%2F@9de658379d725daed5c4ff31be20d5aa7a9301ab