edgeone-makers

Warn

Audited by Socket on Jun 30, 2026

1 alert found:

Anomaly
AnomalyLOW
hooks/hooks.json

This fragment is a powerful orchestration layer that conditionally executes local shell scripts based on user/prompt and agent/tool-use contexts. The code itself shows no explicit malicious behavior, but it establishes a direct command-execution sink for three hook scripts under a configurable hooks directory. Security risk is driven by the (missing) contents and trustworthiness of those .sh files; given the sensitive trigger points (prompts and agent writes/edits), the referenced scripts should be reviewed for exfiltration, credential access, persistence, and unsafe handling of untrusted input.

Confidence: 45%Severity: 62%
Audit Metadata
Analyzed At
Jun 30, 2026, 08:37 AM
Package URL
pkg:socket/skills-sh/TencentEdgeOne%2Fedgeone-makers-tools%2Fedgeone-makers%2F@c575cfad9d20bb2e5b4a900b3994193473184b8d
Security Audit — socket — edgeone-makers