pp-american-reindustrialization
Warn
Audited by Socket on May 19, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The stated purpose is coherent for a read-only directory-analysis skill, but the trust model is weak because all core behavior is delegated to an externally installed CLI whose provenance is not established here. The optional webhook and feedback POST features also extend data flow beyond the stated offline/local analysis use case. No direct credential harvesting is shown, so this is not confirmed malware, but it carries meaningful supply-chain and data-egress risk.
Confidence: 82%Severity: 74%
Audit Metadata