skills/zhuxining/skills/fetch/Socket

fetch

Warn

Audited by Socket on May 13, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能目的与能力基本一致，属于网页正文提取；未见明显凭据窃取或隐藏外传。但它要求使用未验证来源的 `crwl` 外部 CLI，且会处理任意不受信网页内容并通过浏览器自动化读取 DOM，整体应判为 SUSPICIOUS 而非 BENIGN。

Confidence: 84%Severity: 74%

Audit Metadata

Analyzed At

May 13, 2026, 01:12 PM

Package URL

pkg:socket/skills-sh/zhuxining%2Fskills%2Ffetch%2F@9e1c8233322c8d1a6c37666d6c76a4602254a3ae