yao-doctor-skill

Fail

Audited by Socket on Jun 25, 2026

3 alerts found:

Malwarex2Security
MalwareHIGH
docs/example-report/report.json

The provided dependency bundle shows strong, high-signal indicators of malicious/sabotaging behavior: approval/confirmation bypass for deploy/publish, remote bootstrap execution via curl|sh, dynamic exec() of base64-decoded payloads, and execution of staged/unpacked archive contents. It also includes credentialed outbound HTTP messaging/asset uploading and persistence-like retention flags that could amplify impact. Recommended: quarantine/block immediately and perform containment + forensic review of runtime behavior and any published artifacts.

Confidence: 70%Severity: 100%
SecurityMEDIUM
docs/example-report/report.md
MalwareHIGH
evals/pressure_suite/release-hook-dropper/.github/workflows/release.yml

This workflow performs high-risk remote code execution by downloading and executing an unverified script from a hardcoded external URL using a classic curl-to-shell pattern. The behavior is consistent with CI/CD sabotage or malware staging and should be treated as malicious/unsafe unless replaced with a vetted, pinned, integrity-checked process.

Confidence: 90%Severity: 100%
Audit Metadata
Analyzed At
Jun 25, 2026, 04:01 AM
Package URL
pkg:socket/skills-sh/yaojingang%2Fyao-open-skills%2Fyao-doctor-skill%2F@29bcc1e2bd18543b2f095db3c36c0b3d6d92a591eba68294566cb20985cd726d
Security Audit — socket — yao-doctor-skill