pp-customer-io

Warn

Audited by Socket on May 16, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill's Customer.io functionality is plausible, but it centers on installing and trusting non-official third-party binaries that handle Customer.io service-account credentials, with extra outbound delivery paths and MCP installation. The main issue is supply-chain and credential-forwarding risk, not confirmed malware.

Confidence: 91%Severity: 86%
Audit Metadata
Analyzed At
May 16, 2026, 03:16 AM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-customer-io%2F@1495d00110585ed49cd35f8bd73e76f5686dde22
Security Audit — socket — pp-customer-io