Security Audit
clickmeeting-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
clickmeeting-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Broad Access to Third-Party Service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Broad Access to Third-Party Service The skill is designed to 'Automate Clickmeeting tasks' and grants broad access to all Clickmeeting operations via the Rube MCP and `RUBE_MULTI_EXECUTE_TOOL`. While this aligns with the skill's stated purpose, it means that a compromised agent could perform any action available to the connected Clickmeeting account, including creating/deleting meetings, managing attendees, and accessing sensitive data. The skill does not provide mechanisms for granular permission control over specific Clickmeeting actions, exposing a wide attack surface if the agent is compromised. Users should be made aware of the full scope of access granted to the agent for Clickmeeting. If possible, implement granular permission controls within the Composio toolkit or ensure the connected Clickmeeting account operates with the principle of least privilege, limiting its capabilities to only what is strictly necessary for the intended automation tasks. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/1c6b9e9e91e05c00)
Powered by SkillShield