pp-offerup

Warn

Audited by Socket on Jun 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is largely aligned with its OfferUp-search purpose, but it expands trust to externally installed CLIs, uses browser session cookies for auth, supports arbitrary webhook delivery, and can install an MCP server. These behaviors are explainable for the stated purpose but raise medium security risk and warrant caution.

Confidence: 84%Severity: 58%
Audit Metadata
Analyzed At
Jun 29, 2026, 08:09 AM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-offerup%2F@55f2aeeb981145e140587fbbe8777bc3a3631813de4273bd14f03a92722e1222
Security Audit — socket — pp-offerup