pp-reno-goat

Warn

Audited by Socket on Jun 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s stated purpose matches its shopping/price-watch capabilities and it does not demand sensitive credentials, but it relies on externally installed binaries with mutable latest-version install paths and includes an arbitrary webhook delivery channel. This is more a supply-chain and output-routing risk than confirmed malicious behavior.

Confidence: 79%Severity: 62%
Audit Metadata
Analyzed At
Jun 29, 2026, 02:18 PM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-reno-goat%2F@2c1d811da88bb0e8db44e893f8e99ab8108d0c5f41b092c6ac8f80ea62f2352e
Security Audit — socket — pp-reno-goat