pp-conduyt-crm
Warn
Audited by Socket on May 18, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The skill's broad CRM functionality is plausible, but its trust boundary is weak: installation and execution depend on a third-party Printing Press publisher rather than clearly same-org Conduyt artifacts, then forward CRM credentials into that CLI. The skill also enables arbitrary webhook delivery and high-impact autonomous actions such as email/SMS sending, calls, billing flows, and admin impersonation, making its footprint larger and riskier than a narrowly scoped CRM access skill.
Confidence: 85%Severity: 78%
Audit Metadata