pp-setlist-fm
Warn
Audited by Socket on Jun 16, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. Most functionality matches a Setlist.fm analytics skill, and the install sources appear same-org and publicly documented. However, the skill forwards API credentials to an external CLI, supports arbitrary webhook delivery, and includes a Spotify playlist creation capability that conflicts with its repeated read-only/non-mutating claims. Medium risk from scope inconsistency and data-routing flexibility, not confirmed malware.
Confidence: 100%Severity: 60%
Audit Metadata