skills/composiohq/awesome-claude-skills/qualaroo-automation/Socket

qualaroo-automation

Fail

Audited by Socket on Feb 17, 2026

1 alert found:

Obfuscated File

Obfuscated FileSKILL.md

HIGH

Obfuscated FileHIGH

SKILL.md

This skill/integration guide enables Qualaroo automation by routing discovery, authentication, and execution through a third-party MCP (https://rube.app/mcp). The document contains no hardcoded secrets or executable malware, but the architecture concentrates sensitive data (auth tokens, execution inputs/outputs, session/memory) in the MCP. That centralization is a supply-chain and data-exfiltration risk if the MCP operator or endpoint is untrusted or compromised. Recommend verifying operator trust, obtaining MCP security/privacy documentation, restricting data and token scopes, and considering direct or organization-controlled connectors for sensitive workloads.

Confidence: 98%

Audit Metadata

Analyzed At

Feb 17, 2026, 12:35 AM

Package URL

pkg:socket/skills-sh/composiohq%2Fawesome-claude-skills%2Fqualaroo-automation%2F@f62a0d3a64fb271fd80e96066f8cc61c19f112ea