Skills
skills/wgpsec/aboutsecurity/xray-scan/Socket

xray-scan

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

该技能与其声明用途一致,但其用途本身就是赋予 AI 代理自动化 Web 漏洞扫描/弱口令测试/被动流量分析能力,属于高风险安全工具型技能。安装来源与发布方基本一致、未见明显恶意中转或凭据窃取,但闭源二进制、可加载 POC、以及对外部目标执行进攻性检测使整体应判为 SUSPICIOUS 而非 BENIGN。

Confidence: 90%Severity: 80%
Audit Metadata
Analyzed At
Apr 22, 2026, 10:11 AM
Package URL
pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Fxray-scan%2F@a674363d0cdff166b640744b875058a3a96778ab