pp-myfitnesspal
Warn
Audited by Socket on May 16, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
The skill's core capabilities fit its stated MyFitnessPal export/analysis purpose, but its trust footprint is broader than necessary: it installs third-party CLI/MCP components, reads browser session cookies, and can POST user data to arbitrary webhooks. This looks more like a vulnerable/suspicious integration than confirmed malware.
Confidence: 84%Severity: 58%
Audit Metadata