pp-strava
Warn
Audited by Socket on Jun 22, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill's Strava analytics purpose is plausible, but it depends on external executables from a differently named publisher, forwards Strava credentials to that CLI, and includes arbitrary webhook delivery plus MCP installation. No direct malware indicators or hidden exfiltration are shown, but install trust and data-routing scope are significant enough for a medium-high risk classification.
Confidence: 81%Severity: 62%
Audit Metadata