pp-nasa-images
Warn
Audited by Socket on May 20, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
Suspicious rather than malicious. The skill's read-only NASA-media purpose is coherent, but it relies on an external CLI/MCP binary whose provenance is not established in the skill, triggering high supply-chain risk. Network behavior is mostly consistent with the purpose, though optional webhook delivery and configurable feedback posting create outbound data paths that should be used cautiously.
Confidence: 84%Severity: 78%
Audit Metadata