pp-shopping
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
shopping-pp-clibinary. It provides instructions to download this tool usingnpxfrom the@mvanhornnpm scope andgo installfrom the vendor's GitHub repository. - Evidence: Installation commands reference
github.com/mvanhorn/printing-press-libraryand@mvanhorn/printing-press-library. - [COMMAND_EXECUTION]: The skill is designed to execute the local
shopping-pp-clibinary for all tasks. This includes data synchronization, price comparison, and deal discovery. - Evidence: Numerous examples of
shopping-pp-cli <command>usage, includingindex,compare,deals, andarbitrage. - [DATA_EXFILTRATION]: The CLI tool features a
--deliverflag that supports sending command output to external webhooks. While intended for automation, this provides a mechanism for routing data to remote servers. - Evidence: Documentation for
--deliver webhook:<url>allowing users to POST output body to a specified URL. - [COMMAND_EXECUTION]: The skill supports MCP (Model Context Protocol) integration by installing a secondary binary.
- Evidence: Instructions to
go installand addshopping-pp-mcpto the Claude Code configuration.
Audit Metadata