skills/yigitkonur/skills-by-yigitkonur-secondary/build-kernel-ts-sdk/Socket

build-kernel-ts-sdk

Warn

Audited by Socket on May 19, 2026

1 alert found:

Anomaly

Anomalyscripts/scaffold-kernel-app.sh

LOW

AnomalyLOW

scripts/scaffold-kernel-app.sh

This scaffold script itself shows no strong evidence of overt malware (no eval/obfuscation, no credential theft, no persistence, no explicit data exfiltration). However, it generates code that enables high-privilege remote browser control via CDP, uses stealth automation, and in deploy mode accepts an arbitrary, unvalidated URL payload for `page.goto`. The dominant risk is misuse/abuse potential (SSRF-like/internal probing depending on runtime environment) and supply-chain drift from dynamically generated “latest” dependency ranges.

Confidence: 68%Severity: 56%

Audit Metadata

Analyzed At

May 19, 2026, 03:53 PM

Package URL

pkg:socket/skills-sh/yigitkonur%2Fskills-by-yigitkonur-secondary%2Fbuild-kernel-ts-sdk%2F@7e7afbd73295476d34820ac4cb4900d01f7e8144