pp-tenderned

Facilitates access to Dutch public tenders, including sub-threshold opportunities, through a local-first CLI for procurement analysis.

Install this skill

85/100

Security score

The pp-tenderned skill was audited on Jun 10, 2026 and we found 3 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 127

Webhook reference - potential data exfiltration

SourceSKILL.md

127	\| `webhook:<url>` \| POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) \|

medium line 129

Webhook reference - potential data exfiltration

SourceSKILL.md

129	Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr.

medium line 115

Access to hidden dotfiles in home directory

SourceSKILL.md

115	Entries are stored locally at `~/.local/share/tenderned-pp-cli/feedback.jsonl`. They are never POSTed unless `TENDERNED_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `TENDERNED_FEEDBACK_A

Scanned on Jun 10, 2026

View Security Dashboard

Installation guide →

GitHub Stars 1.3K

Rate this skill

Categorydata analytics

UpdatedJune 10, 2026

claude frontend docx git api database testing backend market-research-analyst business-development growth-marketer product-marketer sales-operations 🇳🇱 NL data analytics sales marketing

mvanhorn/printing-press-library