pp-eu-tenders

Warn

Audited by Socket on May 18, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the stated purpose mostly matches the read-only procurement-analysis behavior, but the skill’s footprint is broader than a simple search guide because it requires trusting external CLIs, supports arbitrary webhook delivery, and includes MCP transitive installation. No clear credential harvesting or covert exfiltration is shown, so this looks more like elevated supply-chain and outbound-routing risk than confirmed malware.

Confidence: 80%Severity: 61%
Audit Metadata
Analyzed At
May 18, 2026, 05:30 PM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-eu-tenders%2F@f182ca0ca51c9e9c22901aefbc1db25553dc9703
Security Audit — socket — pp-eu-tenders