pp-offerup
Warn
Audited by Socket on Jun 29, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill is largely aligned with its OfferUp-search purpose, but it expands trust to externally installed CLIs, uses browser session cookies for auth, supports arbitrary webhook delivery, and can install an MCP server. These behaviors are explainable for the stated purpose but raise medium security risk and warrant caution.
Confidence: 84%Severity: 58%
Audit Metadata