brex-staging-automation

Warn

Audited by Snyk on Jun 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill instructs adding and using the runtime MCP endpoint https://rube.app/mcp (via RUBE_SEARCH_TOOLS / RUBE_MANAGE_CONNECTIONS / RUBE_MULTI_EXECUTE_TOOL) to fetch tool schemas and recommended execution plans that directly determine which tools and arguments the agent will execute, so this external URL controls agent behavior at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to automate "Brex Staging" operations via a dedicated "brex_staging" toolkit and describes discovering and executing toolkit tools (RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH / run_composio_tool()). Brex is a financial/payments platform, and the skill's primary purpose is to run Brex-specific operations through those APIs/tooling. This constitutes direct financial execution capability rather than a generic tool, so it should be flagged.

Issues (2)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 24, 2026, 04:58 PM
Issues
2
Security Audit — snyk — brex-staging-automation