pp-anylist
Automates grocery and meal planning workflows via terminal commands, enhancing efficiency in shopping list management and recipe searching.
Install this skill
or
80/100
Security score
The pp-anylist skill was audited on Jun 8, 2026 and we found 4 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 291
Webhook reference - potential data exfiltration
SourceSKILL.md
| 291 | | `webhook:<url>` | POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) | |
medium line 293
Webhook reference - potential data exfiltration
SourceSKILL.md
| 293 | Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr. |
medium line 251
Access to hidden dotfiles in home directory
SourceSKILL.md
| 251 | AnyList uses email + password authentication returning a short-lived access_token and a refresh_token. The CLI stores these in ~/.config/anylist-pp-cli/config.toml and transparently refreshes on 401 r |
medium line 279
Access to hidden dotfiles in home directory
SourceSKILL.md
| 279 | Entries are stored locally at `~/.anylist-pp-cli/feedback.jsonl`. They are never POSTed unless `ANYLIST_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `ANYLIST_FEEDBACK_AUTO_SEND=true`. De |
Scanned on Jun 8, 2026
View Security DashboardGitHub Stars 1.3K
Rate this skill
Categorymarketing
UpdatedJune 13, 2026
claudefrontendexceldocxgitapidatabasetestingmobilebackendgrowth-marketerproduct-marketercustomer-success-managern8nmarketingsales
mvanhorn/printing-press-library