pippit-skill

Warn

Audited by Socket on May 27, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is mostly purpose-aligned for Pippit creation and publishing, and the visible data flow points to the official Pippit service rather than an obvious third-party collector. However, it performs real-world social posting, reads a locally cached access key, and the public provenance for the referenced local script wrappers is weak, so the overall risk is medium rather than benign.

Confidence: 82%Severity: 58%
Audit Metadata
Analyzed At
May 27, 2026, 07:24 AM
Package URL
pkg:socket/skills-sh/Pippit-dev%2Fpippit-skills%2Fpippit-skill%2F@ec4065d5df0ccdf29e19c56aa58e02c69bef2d50
Security Audit — socket — pippit-skill