pp-qbo

Warn

Audited by Socket on Jun 25, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The core capability matches the stated QuickBooks purpose and the install sources appear same-project, but the skill still carries medium risk from mutable installer paths, forwarding OAuth secrets into an external CLI, optional webhook delivery of sensitive results, and an optional third-party hosted OAuth redirect. The footprint is mostly coherent, yet the data-handling and autonomous accounting actions warrant caution.

Confidence: 82%Severity: 58%
Audit Metadata
Analyzed At
Jun 25, 2026, 10:31 PM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-qbo%2F@be4318c54fc9a330e60e1024c4ac14ef80b931385e574418b87eebabaadabc7f
Security Audit — socket — pp-qbo