Amplitude Automation
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: amplitude-automation Version: 0.1.0 The skill bundle is designed to automate Amplitude tasks via the Rube MCP. The `SKILL.md` provides clear instructions for using specific Amplitude-related tools (e.g., `AMPLITUDE_SEND_EVENTS`, `AMPLITUDE_IDENTIFY`) and details on how to set up the Rube MCP connection at `https://rube.app/mcp`. There is no evidence of intentional harmful behavior such as data exfiltration, unauthorized execution, persistence, or malicious prompt injection attempts against the agent. All instructions are directly aligned with the stated purpose of Amplitude automation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change Amplitude analytics data or cohort membership if the user asks it to perform those workflows.
The skill documents tools that can write analytics events and change cohort membership. This is purpose-aligned for Amplitude automation, but these are account-mutating actions.
`AMPLITUDE_SEND_EVENTS` - Send one or more events to Amplitude ... `AMPLITUDE_UPDATE_COHORT_MEMBERSHIP` - Add/remove users from a cohort
Confirm the exact project, users, event payloads, and cohort changes before allowing write actions, especially for bulk updates.
The connected account determines what Amplitude data the agent can read or modify.
The skill requires an authenticated Amplitude connection through Rube. This is expected for the stated purpose, but it grants delegated account access.
Active Amplitude connection via `RUBE_MANAGE_CONNECTIONS` with toolkit `amplitude` ... follow the returned auth link to complete Amplitude authentication
Use the least-privileged Amplitude account or workspace available, and revoke the Rube connection when it is no longer needed.
Requests and relevant Amplitude task data may pass through Rube/Composio as part of tool execution.
The skill routes tool discovery and Amplitude actions through an external MCP service. This is disclosed and central to the skill, but it introduces a third-party data and permission boundary.
Add `https://rube.app/mcp` as an MCP server in your client configuration.
Only connect this MCP server if you trust the provider and understand what Amplitude permissions the connection grants.