qualaroo-automation

Warn

Audited by Socket on Mar 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill's capabilities match its stated Qualaroo automation purpose, and there is no obvious malware or local payload execution. However, all actions and likely auth flows are routed through Composio's hosted Rube MCP intermediary instead of directly to Qualaroo, creating meaningful third-party data-flow and credential-delegation risk.

Confidence: 86%Severity: 58%
Audit Metadata
Analyzed At
Mar 29, 2026, 05:40 AM
Package URL
pkg:socket/skills-sh/ranbot-ai%2Fawesome-skills%2Fqualaroo-automation%2F@fb744c3b610265b17c0b58a60fa8d00fef0638ff
Security Audit — socket — qualaroo-automation