edgeone-makers-tools

Warn

Audited by Socket on Jun 26, 2026

1 alert found:

Anomaly
AnomalyLOW
hooks/hooks.json

This fragment is a powerful orchestration layer that conditionally executes local shell scripts based on user/prompt and agent/tool-use contexts. The code itself shows no explicit malicious behavior, but it establishes a direct command-execution sink for three hook scripts under a configurable hooks directory. Security risk is driven by the (missing) contents and trustworthiness of those .sh files; given the sensitive trigger points (prompts and agent writes/edits), the referenced scripts should be reviewed for exfiltration, credential access, persistence, and unsafe handling of untrusted input.

Confidence: 45%Severity: 62%
Audit Metadata
Analyzed At
Jun 26, 2026, 10:58 AM
Package URL
pkg:socket/skills-sh/tencentedgeone%2Fedgeone-pages-skills%2Fedgeone-makers-tools%2F@1f01a91e88a581e05facd63919d425bde2f70e44
Security Audit — socket — edgeone-makers-tools