pp-forgejo

Warn

Audited by Socket on Jun 28, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill largely matches its stated Forgejo-management purpose, but it requires trusting external CLI/MCP binaries, forwards Forgejo credentials to that code, enables broad authenticated admin actions, and supports arbitrary webhook delivery of command output. The main concern is disproportionate operational power and expanded trust, not confirmed malware.

Confidence: 87%Severity: 62%
Audit Metadata
Analyzed At
Jun 28, 2026, 05:28 PM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-forgejo%2F@2cae6f7587b2d4d9834bc602108179645a4a5392b83a29379d9b977e6f23df23
Security Audit — socket — pp-forgejo