pp-craigslist

Warn

Audited by Socket on May 25, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill’s stated purpose aligns with its Craigslist monitoring capabilities, and auth scope is proportionate, but install trust is weakened by inconsistent npm package naming versus current official docs. The external CLI is same-org and appears legitimate, so this is not confirmed malware; however, arbitrary webhook delivery and transitive MCP installation keep the overall risk at medium.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
May 25, 2026, 02:34 AM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-craigslist%2F@015e1d37ee4cb3cd986449a19bfaca04695f1e31
Security Audit — socket — pp-craigslist