pp-eu-tenders
Warn
Audited by Socket on May 18, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the stated purpose mostly matches the read-only procurement-analysis behavior, but the skill’s footprint is broader than a simple search guide because it requires trusting external CLIs, supports arbitrary webhook delivery, and includes MCP transitive installation. No clear credential harvesting or covert exfiltration is shown, so this looks more like elevated supply-chain and outbound-routing risk than confirmed malware.
Confidence: 80%Severity: 61%
Audit Metadata