pp-myfitnesspal

Warn

Audited by Socket on May 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

The skill's core capabilities fit its stated MyFitnessPal export/analysis purpose, but its trust footprint is broader than necessary: it installs third-party CLI/MCP components, reads browser session cookies, and can POST user data to arbitrary webhooks. This looks more like a vulnerable/suspicious integration than confirmed malware.

Confidence: 84%Severity: 58%
Audit Metadata
Analyzed At
May 16, 2026, 03:26 AM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-myfitnesspal%2F@6e9523021b9fbc1794885298612e033268535643
Security Audit — socket — pp-myfitnesspal