open-tor

Warn

Audited by Socket on May 8, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the skill’s dark-web OSINT purpose broadly matches its capabilities, and its install path is mostly conventional, but it gives an AI agent high-risk offensive investigation powers, processes hostile external content with command execution available, and explicitly instructs the agent to ask for the user’s sudo password. This is not confirmed malware, but it is a high-risk security skill with disproportionate credential-handling behavior.

Confidence: 88%Severity: 83%
Audit Metadata
Analyzed At
May 8, 2026, 04:12 PM
Package URL
pkg:socket/skills-sh/vichhka-git%2FOpenTor%2Fopen-tor%2F@f3b87546f9699f9a319b94fb08b02849881f7fa6
Security Audit — socket — open-tor