Skills
skills/wenjunduan/rlues/vibe-setup/Socket

vibe-setup

Warn

Audited by Socket on May 2, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

整体更像一个环境安装向导,目的与文件/命令操作大体一致,未见明确凭证窃取或恶意外传。但它会安装多个第三方插件并执行外部 npm 包,且存在明显的传递信任链;除 OpenAI 的 Codex 插件外,其余来源未被当前证据验证。因此应判为可疑而非恶意,主要风险来自供应链与插件转安装。

Confidence: 84%Severity: 63%
Audit Metadata
Analyzed At
May 2, 2026, 10:38 PM
Package URL
pkg:socket/skills-sh/WenJunDuan%2FRlues%2Fvibe-setup%2F@8ebd0e71cf0f3434519dd105deaada907f43024f