csdn-article-publish

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill’s core purpose matches article publishing, and data appears intended for CSDN rather than an unrelated server, so this is not confirmed malware. But it relies on manually harvested browser session/signature headers instead of a verifiable official API auth flow, forwards those sensitive credentials through a local script, and enables public posting on the user’s behalf; this makes the skill medium-to-high risk despite reasonable purpose alignment.

Confidence: 89%Severity: 69%
Audit Metadata
Analyzed At
Mar 18, 2026, 10:42 PM
Package URL
pkg:socket/skills-sh/wuchubuzai2018%2Fexpert-skills-hub%2Fcsdn-article-publish%2F@3f4372570505634fd3b2d52b8276a88145b9dc80
Security Audit — socket — csdn-article-publish