pp-smartlead

Warn

Audited by Socket on May 20, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The stated SmartLead-management purpose is plausible, but the skill's real footprint relies on an external CLI and optional MCP binary whose provenance is not established in the skill, while also forwarding SMARTLEAD_API_KEY into that binary. The webhook/output-delivery features further expand data egress. Main concern is credential forwarding to an insufficiently verifiable executable, not confirmed malware.

Confidence: 84%Severity: 86%
Audit Metadata
Analyzed At
May 20, 2026, 11:59 PM
Package URL
pkg:socket/skills-sh/mvanhorn%2Fprinting-press-library%2Fpp-smartlead%2F@3d07aced95dcda48ccedd4bb3bc913a37906872e
Security Audit — socket — pp-smartlead