pp-goodreads
Warn
Audited by Socket on Jun 15, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill’s Goodreads-focused capabilities mostly match its stated purpose, but it relies on externally installed CLI binaries from a different identity than the listed author, requires high-value browser-derived credentials, and includes an arbitrary webhook output path that can exfiltrate account data. Not confirmed malware, but the trust and data-flow model is broader and riskier than a simple Goodreads integration.
Confidence: 100%Severity: 60%
Audit Metadata