pp-conduyt-crm

Warn

Audited by Socket on May 18, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill's broad CRM functionality is plausible, but its trust boundary is weak: installation and execution depend on a third-party Printing Press publisher rather than clearly same-org Conduyt artifacts, then forward CRM credentials into that CLI. The skill also enables arbitrary webhook delivery and high-impact autonomous actions such as email/SMS sending, calls, billing flows, and admin impersonation, making its footprint larger and riskier than a narrowly scoped CRM access skill.

Confidence: 85%Severity: 78%
Audit Metadata
Analyzed At
May 18, 2026, 05:31 PM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-conduyt-crm%2F@a56f15aa0417f607bcdd11173869972946f0cf01
Security Audit — socket — pp-conduyt-crm