pp-sncf-connect

Warn

Audited by Socket on May 28, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the read-only Navitia/SNCF use case is coherent, but the installation path relies on a third-party mutable installer and secondary binaries rather than an official SNCF/Navitia distribution channel. The optional webhook sink also creates real egress capability. This looks more like elevated supply-chain and data-flow risk than confirmed malware.

Confidence: 85%Severity: 74%
Audit Metadata
Analyzed At
May 28, 2026, 04:29 AM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-sncf-connect%2F@b5bb0490dbb50ba25c355c424202f0eed1f44de8
Security Audit — socket — pp-sncf-connect