pp-sncf-connect
Warn
Audited by Socket on May 28, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the read-only Navitia/SNCF use case is coherent, but the installation path relies on a third-party mutable installer and secondary binaries rather than an official SNCF/Navitia distribution channel. The optional webhook sink also creates real egress capability. This looks more like elevated supply-chain and data-flow risk than confirmed malware.
Confidence: 85%Severity: 74%
Audit Metadata