pp-zoho-expense
Automates expense management by uploading receipts and tagging expenses using learned merchant memory for efficient reporting.
Install this skill
or
79/100
Security score
The pp-zoho-expense skill was audited on Jun 10, 2026 and we found 5 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 438
Webhook reference - potential data exfiltration
SourceSKILL.md
| 438 | | `webhook:<url>` | POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) | |
medium line 440
Webhook reference - potential data exfiltration
SourceSKILL.md
| 440 | Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr. |
medium line 384
Access to hidden dotfiles in home directory
SourceSKILL.md
| 384 | Zoho Expense uses OAuth 2.0 with a self-client authorization-code flow. Create a self-client at https://api-console.zoho.in/, generate a 10-minute authorization code, then run `zoho-expense-pp-cli aut |
medium line 426
Access to hidden dotfiles in home directory
SourceSKILL.md
| 426 | Entries are stored locally at `~/.zoho-expense-pp-cli/feedback.jsonl`. They are never POSTed unless `ZOHO_EXPENSE_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `ZOHO_EXPENSE_FEEDBACK_AUTO |
low line 384
External URL reference
SourceSKILL.md
| 384 | Zoho Expense uses OAuth 2.0 with a self-client authorization-code flow. Create a self-client at https://api-console.zoho.in/, generate a 10-minute authorization code, then run `zoho-expense-pp-cli aut |
Scanned on Jun 10, 2026
View Security DashboardGitHub Stars 1.4K
Rate this skill
Categoryfinance accounting
UpdatedJune 10, 2026
claudeclaude-codehermesfrontenddocxgitapidatabasetestingbackendaccountantfinancial-analystbusiness-development🇮🇳 INfinance accountingsales
mvanhorn/printing-press-library