path-traversal-lfi

Warn

Audited by Socket on Apr 30, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

High-risk offensive skill. Its stated purpose is exploitation, and its contents consistently teach an AI agent how to steal files, obtain credentials, and turn LFI into code execution. Not confirmed malware by itself, but it is inappropriate as a general-purpose skill and materially increases attack capability.

Confidence: 94%Severity: 90%
Audit Metadata
Analyzed At
Apr 30, 2026, 12:04 PM
Package URL
pkg:socket/skills-sh/yaklang%2Fhack-skills%2Fpath-traversal-lfi%2F@a88e53ba6d9728f8d03c0806e789c7918332dd28
Security Audit — socket — path-traversal-lfi