pp-amazon-orders
Enables users to track and analyze their Amazon order history offline using a local SQLite database for instant insights.
Install this skill
or
80/100
Security score
The pp-amazon-orders skill was audited on Jun 6, 2026 and we found 4 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 339
Webhook reference - potential data exfiltration
SourceSKILL.md
| 339 | | `webhook:<url>` | POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) | |
medium line 341
Webhook reference - potential data exfiltration
SourceSKILL.md
| 341 | Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr. |
medium line 268
Access to hidden dotfiles in home directory
SourceSKILL.md
| 268 | Either form lands the cookie material in `~/.config/amazon-orders-pp-cli/config.toml` and you're authenticated. Validate with `amazon-orders-pp-cli auth status`. |
medium line 327
Access to hidden dotfiles in home directory
SourceSKILL.md
| 327 | Entries are stored locally at `~/.amazon-orders-pp-cli/feedback.jsonl`. They are never POSTed unless `AMAZON_ORDERS_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `AMAZON_ORDERS_FEEDBACK_A |
Scanned on Jun 6, 2026
View Security DashboardGitHub Stars 1.4K
Rate this skill
Categorysales
UpdatedJune 10, 2026
claudeclaude-codefrontendstripedocxgitapidatabasetestingbackendcustomer-success-managerdata-analystmarketing-analystsqlitesalesdata analyticsmarketing
mvanhorn/printing-press-library