Skills
skills/mvanhorn/printing-press-library/pp-trigger-dev/Socket

pp-trigger-dev

Warn

Audited by Socket on May 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the purpose is plausible, but the trust chain is mismatched. A Trigger.dev management skill asks for a real Trigger secret key, then routes usage through a personal third-party CLI/install system rather than an official Trigger.dev tool; optional webhook/feedback delivery adds extra exfil paths. This is better classified as high supply-chain and credential-forwarding risk than confirmed malware.

Confidence: 85%Severity: 78%
Audit Metadata
Analyzed At
May 16, 2026, 03:31 AM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-trigger-dev%2F@df61e80cbba64973141b3595b49704cbbe158d01
Security Audit — socket — pp-trigger-dev