pp-craigslist
Warn
Audited by Socket on May 25, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill’s stated purpose aligns with its Craigslist monitoring capabilities, and auth scope is proportionate, but install trust is weakened by inconsistent npm package naming versus current official docs. The external CLI is same-org and appears legitimate, so this is not confirmed malware; however, arbitrary webhook delivery and transitive MCP installation keep the overall risk at medium.
Confidence: 100%Severity: 60%
Audit Metadata