pp-numista

Warn

Audited by Socket on May 20, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the skill's Numista-related capabilities mostly fit its stated purpose, but its trust model is weak because it depends on installing and using an external CLI/MCP binary that is not verifiable from this artifact, then forwarding Numista credentials and account data to it. Optional arbitrary webhook delivery further expands data-exfiltration risk beyond normal API usage.

Confidence: 82%Severity: 82%
Audit Metadata
Analyzed At
May 20, 2026, 05:26 PM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-numista%2F@8b28fa875710e11a9ed5825d5cc8bb77f5a848a6
Security Audit — socket — pp-numista