hubspot-automation
Warn
Audited by Socket on Jun 26, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill’s CRM purpose is plausible, but its actual footprint relies on a legacy/discontinued Rube MCP path and routes HubSpot OAuth-backed operations through a third-party Composio/Rube gateway rather than official HubSpot APIs. That mismatch raises medium security risk from intermediary data exposure and remote tool-scope trust, though there is no clear evidence of outright malware.
Confidence: 83%Severity: 58%
Audit Metadata