Skip to main content

pp-fedex

Enables small businesses to efficiently manage FedEx shipping with a CLI for rate shopping, bulk label printing, and shipment tracking.

Install this skill

or
68/100

Security score

The pp-fedex skill was audited on Jun 6, 2026 and we found 8 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 105

Webhook reference - potential data exfiltration

SourceSKILL.md
105- **`track watch`** — Continuously poll a set of tracking numbers and emit new events to stdout, a webhook, or a file as they arrive. Polling alternative to FedEx push notifications.
medium line 107

Webhook reference - potential data exfiltration

SourceSKILL.md
107_Most SMBs don't have provisioned push webhooks. Polling daemon is the universal alternative._
low line 110

Webhook reference - potential data exfiltration

SourceSKILL.md
110fedex track watch --tracking 794633071234 --interval 10m --webhook https://example.com/hook
medium line 262

Webhook reference - potential data exfiltration

SourceSKILL.md
262- `fedex-pp-cli track watch --tracking <num> [--interval <duration>] [--webhook <url>]` — Long-poll daemon: continuously poll tracking and emit new events
medium line 365

Webhook reference - potential data exfiltration

SourceSKILL.md
365| `webhook:<url>` | POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) |
medium line 367

Webhook reference - potential data exfiltration

SourceSKILL.md
367Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr.
medium line 353

Access to hidden dotfiles in home directory

SourceSKILL.md
353Entries are stored locally at `~/.fedex-pp-cli/feedback.jsonl`. They are never POSTed unless `FEDEX_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `FEDEX_FEEDBACK_AUTO_SEND=true`. Default
low line 110

External URL reference

SourceSKILL.md
110fedex track watch --tracking 794633071234 --interval 10m --webhook https://example.com/hook
Scanned on Jun 6, 2026
View Security Dashboard
Installation guide →
GitHub Stars 1.4K
Rate this skill
Categorymarketing
UpdatedJune 10, 2026
claudeclaude-codefrontenddocxgitapidatabasetestingbackendgrowth-marketerproduct-marketercustomer-success-managersdrbusiness-developmentsqlitemarketingsales
mvanhorn/printing-press-library