Users may receive notifications from CSF/LFD regarding sudo access from the wp-toolkit user on servers where WP Toolkit is installed, such as:
SUDO login alert - Successful login from wp-toolkit to username
As explained in WP Toolkit requires sudo, WP Toolkit will regularly use sudo to run processes as the cPanel user.
To prevent these emails in CSF, the following setting should be disabled, as per ConfigServer's configuration file's explain:
# Send an email alert if anyone uses sudo to access another account. This will
# send an email alert whether the attempt to use sudo was successful or not
# NOTE: This option could become onerous if sudo is used extensively for root
# access by administrators or control panels. It is provided for those where
# this is not the case
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_SUDO_EMAIL_ALERT = "0"
Afterward, the CSF/LFD service should be restarted.