pp-dominos
Enables users to order pizza, track deliveries, and optimize deals via a command-line interface with unique local storage features.
Security score: 75/100
The pp-dominos skill was audited on Jun 10, 2026 and we found 5 security issues across 2 threat categories. Review the findings below before installing.
Security Issues
medium line 296
Webhook reference - potential data exfiltration
Source: SKILL.md
| 296 | | `webhook:<url>` | POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) | |
medium line 298
Webhook reference - potential data exfiltration
Source: SKILL.md
| 298 | Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr. |
medium line 220
Access to hidden dotfiles in home directory
Source: SKILL.md
| 220 | Customer ID is the long base64-style identifier from your sign-in. Once `auth login` completes, the bearer token persists in `~/.config/dominos-pp-cli/config.toml` until Dominos expires it (~1 hour). |
medium line 256
Access to hidden dotfiles in home directory
Source: SKILL.md
| 256 | Most commands work without authentication: store locator, menu browse, cart building, anonymous order placement, and tracking-by-phone all succeed unauthenticated. For loyalty rewards, member-exclusiv |
medium line 284
Access to hidden dotfiles in home directory
Source: SKILL.md
| 284 | Entries are stored locally at `~/.dominos-pp-cli/feedback.jsonl`. They are never POSTed unless `DOMINOS_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `DOMINOS_FEEDBACK_AUTO_SEND=true`. De |
Scanned on Jun 10, 2026
GitHub Stars: 1.5K
Category: sales
Updated: June 24, 2026
Tags: claude, claude-code, frontend, stripe, excel, docx, git, api, database, testing, backend, customer-success-manager, sales-engineer, business-development, sqlite, 🇺🇸 US, sales
mvanhorn/printing-press-library