pp-numista
Warn
Audited by Socket on May 20, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the skill's Numista-related capabilities mostly fit its stated purpose, but its trust model is weak because it depends on installing and using an external CLI/MCP binary that is not verifiable from this artifact, then forwarding Numista credentials and account data to it. Optional arbitrary webhook delivery further expands data-exfiltration risk beyond normal API usage.
Confidence: 82%Severity: 82%
Audit Metadata