pricewin-hotel-deal-finder

Warn

Audited by Socket on Jul 14, 2026

2 alerts found:

AnomalySecurity
AnomalyLOW
SKILL.md

SUSPICIOUS. The core behavior mostly matches a hotel comparison skill, but it requires transitive installation from a GitHub-hosted skill repo and executes local scraping code with stealth browser automation. Data collection appears limited and no credential harvesting is evident, so this is better classified as medium-risk supply-chain and agent-execution exposure rather than malware.

Confidence: 82%Severity: 59%
SecurityMEDIUM
bin/daemon.js

No explicit evidence of intentionally malicious payload (e.g., credential theft, persistence, or hardcoded exfiltration) is present in this module. However, it implements a high-privilege local browser automation/extraction service: it accepts arbitrary URLs and selector/ref instructions from untrusted HTTP requests, drives automated interactions, and returns extracted DOM content over HTTP. Combined with Chromium launched with '--no-sandbox' and the absence of authorization checks in this file, the security risk is elevated, particularly if an attacker can reach the daemon.

Confidence: 66%Severity: 74%
Audit Metadata
Analyzed At
Jul 14, 2026, 07:56 AM
Package URL
pkg:socket/skills-sh/price-win%2Fpricewin-skills-hub%2Fpricewin-hotel-deal-finder%2F@770c26ba16d6a78100e6d252ecf41938b3dc103178038cb067141f497d487f66