Skip to main content

pp-fedex

This skill enables small businesses to efficiently manage FedEx shipping through a REST-native CLI, optimizing costs and tracking shipments.

Install this skill

or
68/100

Security score

The pp-fedex skill was audited on Jun 6, 2026 and we found 8 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 100

Webhook reference - potential data exfiltration

SourceSKILL.md
100- **`track watch`** — Continuously poll a set of tracking numbers and emit new events to stdout, a webhook, or a file as they arrive. Polling alternative to FedEx push notifications.
medium line 102

Webhook reference - potential data exfiltration

SourceSKILL.md
102_Most SMBs don't have provisioned push webhooks. Polling daemon is the universal alternative._
low line 105

Webhook reference - potential data exfiltration

SourceSKILL.md
105fedex track watch --tracking 794633071234 --interval 10m --webhook https://example.com/hook
medium line 257

Webhook reference - potential data exfiltration

SourceSKILL.md
257- `fedex-pp-cli track watch --tracking <num> [--interval <duration>] [--webhook <url>]` — Long-poll daemon: continuously poll tracking and emit new events
medium line 360

Webhook reference - potential data exfiltration

SourceSKILL.md
360| `webhook:<url>` | POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) |
medium line 362

Webhook reference - potential data exfiltration

SourceSKILL.md
362Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr.
medium line 348

Access to hidden dotfiles in home directory

SourceSKILL.md
348Entries are stored locally at `~/.fedex-pp-cli/feedback.jsonl`. They are never POSTed unless `FEDEX_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `FEDEX_FEEDBACK_AUTO_SEND=true`. Default
low line 105

External URL reference

SourceSKILL.md
105fedex track watch --tracking 794633071234 --interval 10m --webhook https://example.com/hook
Scanned on Jun 6, 2026
View Security Dashboard
Installation guide →
GitHub Stars 1.5K
Rate this skill
Categorysales
UpdatedJune 24, 2026
claudeclaude-codefrontenddocxgitapidatabasetestingbackendsdrcustomer-success-managerbusiness-developmentoperations-managerproduct-managersqlite🇺🇸 USsalesoperationsproduct
mvanhorn/printing-press-library