pp-reno-goat
Warn
Audited by Socket on Jun 29, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill’s stated purpose matches its shopping/price-watch capabilities and it does not demand sensitive credentials, but it relies on externally installed binaries with mutable latest-version install paths and includes an arbitrary webhook delivery channel. This is more a supply-chain and output-routing risk than confirmed malicious behavior.
Confidence: 79%Severity: 62%
Audit Metadata