pp-goodreads

Warn

Audited by Socket on Jun 15, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s Goodreads-focused capabilities mostly match its stated purpose, but it relies on externally installed CLI binaries from a different identity than the listed author, requires high-value browser-derived credentials, and includes an arbitrary webhook output path that can exfiltrate account data. Not confirmed malware, but the trust and data-flow model is broader and riskier than a simple Goodreads integration.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 15, 2026, 12:53 AM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-goodreads%2F@4ffdd5c1dc8654d66ee8679c81227c245209bfffcf5fcca1062cfb40fd3c6aa1
Security Audit — socket — pp-goodreads