skill-sync

Warn

Audited by Socket on Apr 13, 2026

1 alert found:

Security: MEDIUM
SKILL.md

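The skill's core capability is largely consistent with its stated purpose of "syncing skills to a remote and to multi-agent environments", and no obvious credential theft or hidden exfiltration was observed. The main risks are: automatic commit/push/global installation by default, broad deployment across multiple agents, and a transitive trust chain created by installing remote skills via `npx skills add`. Combined with the CLI version not being pinned, the overall verdict is suspicious but not malicious.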

Confidence: 89%
Severity: 72%

Audit Metadata
Analyzed At: Apr 13, 2026, 07:40 AM
Package URL: pkg:socket/skills-sh/why8023%2Fagent-skills%2Fskill-sync%2F@403adda5a47039b599a58319d0f6434c8f68c57d
Security Audit — socket — skill-sync