skills/prava-payments/prava-skills/prava-agent-payments/Socket

prava-agent-payments

Warn

Audited by Socket on May 9, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

SUSPICIOUS: the skill is coherent for agent payments, and its main data flow goes to same-brand Prava infrastructure, but it grants an AI agent the ability to complete real purchases using returned payment credentials and includes external CLI/skill update trust paths. This is not confirmed malware, but it is high-risk due to autonomous financial action and sensitive credential handling.

Confidence: 83%Severity: 72%

Audit Metadata

Analyzed At

May 9, 2026, 11:37 PM

Package URL

pkg:socket/skills-sh/Prava-Payments%2Fprava-skills%2Fprava-agent-payments%2F@7702092cfcd6e50a5f8e6b32d2404d7fe7f61503