skills/tiangong-lca/skills/process-hybrid-search/Socket

process-hybrid-search

Warn

Audited by Socket on May 17, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

SUSPICIOUS: the skill’s purpose and data flows are broadly coherent, but it dynamically fetches and executes an npm package at @latest and forwards an API key to that code. This is a moderate supply-chain and credential-forwarding risk rather than confirmed malicious behavior.

Confidence: 80%Severity: 56%

Audit Metadata

Analyzed At

May 17, 2026, 06:58 AM

Package URL

pkg:socket/skills-sh/tiangong-lca%2Fskills%2Fprocess-hybrid-search%2F@d37632c66d66f07796a495a707f75d216536d960