pp-gumroad

Warn

Audited by Socket on May 17, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The skill's purpose is coherent, but its actual footprint relies on installing and trusting external Gumroad CLI/MCP binaries whose provenance is not verified in the skill. Because that binary receives a Gumroad access token and can send output to arbitrary webhook endpoints, this is best classified as suspicious/high-risk rather than benign.

Confidence: 84%
Severity: 86%
Audit Metadata
Analyzed At: May 17, 2026, 11:28 PM
Package URL: pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-gumroad%2F@d57d90c27be68034804f75a26aba1a201e2c6e49