pp-ahrefs
Warn
Audited by Socket on May 15, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the skill’s overall purpose is coherent for Ahrefs read-only access, but it materially depends on third-party binaries from a different apparent publisher identity, forwards credentials to that external CLI, can exfiltrate outputs to arbitrary webhooks, and optionally installs an MCP server that broadens trust scope. This looks more like a moderately risky external-tool wrapper than confirmed malware.
Confidence: 84%Severity: 72%
Audit Metadata