pp-tella

Facilitates Tella API operations via CLI, enabling efficient video management and transcript searches with local SQLite support.

Install this skill

or

0/100

Security score

The pp-tella skill was audited on Jun 6, 2026 and we found 24 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md

3	description: "Every Tella API operation behind one CLI, with a local SQLite store, FTS5 transcript search, and webhook tooling... Trigger phrases: `search tella transcripts`, `find tella videos`, `lis

medium line 43

Webhook reference - potential data exfiltration

SourceSKILL.md

43	Reach for tella-pp-cli when you need agent-shaped Tella operations: scripted batch edits across a playlist, cross-video transcript search for an agent, webhook handler development without a tunnel, or

medium line 59

Webhook reference - potential data exfiltration

SourceSKILL.md

59	- `videos viewed` — Roll up webhook view-milestone events into a per-video summary over a window (e.g. who crossed 75% in the last 7 days).

medium line 75

Webhook reference - potential data exfiltration

SourceSKILL.md

75	### Webhook tooling

medium line 77

Webhook reference - potential data exfiltration

SourceSKILL.md

77	- `webhooks tail` — Stream new webhook events from the inbox to stdout, and replay any prior message to a local URL with valid HMAC headers — no public tunnel needed.

medium line 79

Webhook reference - potential data exfiltration

SourceSKILL.md

79	_Use this when developing a webhook handler against Tella without exposing localhost via a tunnel._

low line 82

Webhook reference - potential data exfiltration

SourceSKILL.md

82	tella-pp-cli webhooks tail --follow --json

medium line 118

Webhook reference - potential data exfiltration

SourceSKILL.md

118	- `exports wait` — Kick off exports for one or more videos and block until each is ready, short-circuiting on the Export ready webhook event.

medium line 161

Webhook reference - potential data exfiltration

SourceSKILL.md

161	webhooks — Webhook endpoint management

medium line 163

Webhook reference - potential data exfiltration

SourceSKILL.md

163	- `tella-pp-cli webhooks create-endpoint` — Creates a new webhook endpoint to receive events. Returns the endpoint ID and signing secret.

medium line 164

Webhook reference - potential data exfiltration

SourceSKILL.md

164	- `tella-pp-cli webhooks delete-endpoint` — Permanently deletes a webhook endpoint

medium line 165

Webhook reference - potential data exfiltration

SourceSKILL.md

165	- `tella-pp-cli webhooks get-endpoint-secret` — Retrieves the signing secret for a webhook endpoint. Use this to verify incoming webhook payloads.

medium line 166

Webhook reference - potential data exfiltration

SourceSKILL.md

166	- `tella-pp-cli webhooks get-message` — Returns details of a specific webhook message by ID

medium line 167

Webhook reference - potential data exfiltration

SourceSKILL.md

167	- `tella-pp-cli webhooks list-messages` — Returns a list of recently sent webhook messages for debugging purposes

medium line 195

Webhook reference - potential data exfiltration

SourceSKILL.md

195	Reads cached webhook view-milestone events grouped by video and viewer.

medium line 205

Webhook reference - potential data exfiltration

SourceSKILL.md

205	### Develop a webhook handler without ngrok

low line 208

Webhook reference - potential data exfiltration

SourceSKILL.md

208	tella-pp-cli webhooks tail --once --json

low line 209

Webhook reference - potential data exfiltration

SourceSKILL.md

209	tella-pp-cli webhooks replay <msg-id> --to http://localhost:8080/webhooks

medium line 212

Webhook reference - potential data exfiltration

SourceSKILL.md

212	`webhooks tail` snapshots the inbox; `webhooks replay <msg-id>` re-POSTs that message to a local URL with valid HMAC headers via the endpoint signing secret.

medium line 279

Webhook reference - potential data exfiltration

SourceSKILL.md

279	\| `webhook:<url>` \| POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) \|

medium line 281

Webhook reference - potential data exfiltration

SourceSKILL.md

281	Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr.

high line 205

Ngrok tunnel reference

SourceSKILL.md

205	### Develop a webhook handler without ngrok

medium line 267

Access to hidden dotfiles in home directory

SourceSKILL.md

267	Entries are stored locally at `~/.tella-pp-cli/feedback.jsonl`. They are never POSTed unless `TELLA_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `TELLA_FEEDBACK_AUTO_SEND=true`. Default

low line 209

External URL reference

SourceSKILL.md

209	tella-pp-cli webhooks replay <msg-id> --to http://localhost:8080/webhooks

Scanned on Jun 6, 2026

View Security Dashboard

Installation guide →

GitHub Stars 1.5K

Rate this skill

Categorymarketing

UpdatedJune 24, 2026

claude frontend remotion docx git api database testing backend content-marketer video-producer growth-marketer sqlite marketing content media

mvanhorn/printing-press-library