pp-customer-io
Warn
Audited by Socket on May 16, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The skill's Customer.io functionality is plausible, but it centers on installing and trusting non-official third-party binaries that handle Customer.io service-account credentials, with extra outbound delivery paths and MCP installation. The main issue is supply-chain and credential-forwarding risk, not confirmed malware.
Confidence: 91%Severity: 86%
Audit Metadata