pp-seats-aero
Warn
Audited by Socket on May 15, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the core Seats.aero read-only purpose, API key use, and command set are broadly coherent, but the skill expands beyond simple querying by installing external binaries, adding an MCP server, and allowing arbitrary webhook/feedback endpoints for outbound data. This looks more like a high-exposure integration than clear malware, with medium security risk driven by supply-chain trust and optional exfiltration paths.
Confidence: 80%Severity: 62%
Audit Metadata