Back to skill

Security audit

Activecampaign Automation

Security checks across malware telemetry and agentic risk

Overview

This skill transparently helps an agent make ActiveCampaign CRM and marketing changes through Rube MCP, with no hidden code or unrelated behavior found.

Install only if you want an agent to operate on your ActiveCampaign account through Rube/Composio. Confirm exact contacts, list IDs, tags, and automation IDs before mutating actions, and be especially careful with subscriptions, marketing consent, and bulk changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill provides operational guidance for creating contacts and changing subscription state in a live CRM/marketing platform without instructing the agent to confirm authorization, user intent, or consequences before modifying customer records. That creates a real risk of unauthorized contact creation, unwanted list enrollment or removal, and compliance issues in systems handling personal data and marketing consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.