pp-openalex
Warn
Audited by Socket on May 16, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the stated purpose is coherent and mostly read-only, but the skill relies on externally installed binaries with mutable install paths and supports optional outbound posting of results to arbitrary webhooks. The main concern is install/execution trust and credential forwarding to a third-party CLI rather than overtly malicious behavior.
Confidence: 82%Severity: 72%
Audit Metadata