pp-setlist-fm

Warn

Audited by Socket on Jun 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. Most functionality matches a Setlist.fm analytics skill, and the install sources appear same-org and publicly documented. However, the skill forwards API credentials to an external CLI, supports arbitrary webhook delivery, and includes a Spotify playlist creation capability that conflicts with its repeated read-only/non-mutating claims. Medium risk from scope inconsistency and data-routing flexibility, not confirmed malware.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 16, 2026, 05:00 AM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-setlist-fm%2F@8811dc60654f05dbb2ce265f3e332d0e05404f72760f424f6a993536d67ebb28
Security Audit — socket — pp-setlist-fm