pp-smartlead
Warn
Audited by Socket on May 20, 2026
1 alert found:
Security, MEDIUM
SKILL.md
SUSPICIOUS. The stated SmartLead-management purpose is plausible, but the skill's real footprint relies on an external CLI and optional MCP binary whose provenance is not established in the skill, while also forwarding SMARTLEAD_API_KEY into that binary. The webhook/output-delivery features further expand data egress. Main concern is credential forwarding to an insufficiently verifiable executable, not confirmed malware.
Confidence: 84%
Severity: 86%
Audit Metadata