create-prd

Warn

Audited by Socket on Jun 5, 2026

1 alert found:

Anomaly
AnomalyLOW
install.bat

This fragment is a Windows installer entrypoint that selects between two bundled installer payloads (Python-based and PowerShell no-Python fallback) based on which interpreters are available. The only clear security-relevant indicator in this wrapper is the PowerShell invocation using -ExecutionPolicy Bypass, combined with the absence of any integrity/signature verification before executing bundled scripts. The actual malware/data-theft risk cannot be determined from this fragment alone because the substantive behavior resides in install.py and scripts\install_no_python.ps1.

Confidence: 60%Severity: 50%
Audit Metadata
Analyzed At
Jun 5, 2026, 06:46 AM
Package URL
pkg:socket/skills-sh/Wcof%2FPRDHellper%2Fcreate-prd%2F@afc0fb57d75edebefdb68209098469e8e392ac6a
Security Audit — socket — create-prd