hubspot-automation

Warn

Audited by Socket on Jun 26, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill’s CRM purpose is plausible, but its actual footprint relies on a legacy/discontinued Rube MCP path and routes HubSpot OAuth-backed operations through a third-party Composio/Rube gateway rather than official HubSpot APIs. That mismatch raises medium security risk from intermediary data exposure and remote tool-scope trust, though there is no clear evidence of outright malware.

Confidence: 83%Severity: 58%
Audit Metadata
Analyzed At
Jun 26, 2026, 06:23 PM
Package URL
pkg:socket/skills-sh/ranbot-ai%2Fawesome-skills%2Fhubspot-automation%2F@727509c0ecf983a679311a103d9fbb877bd8e647475eae4f6858b90224ff96d6
Security Audit — socket — hubspot-automation