Security Audit
Customer.io Automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
Customer.io Automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 1 low severity. Key findings include "Potential Server-Side Request Forgery (SSRF) via data_file_url" and "Reliance on external Managed Connection Provider (rube.app)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Server-Side Request Forgery (SSRF) via data_file_url: The `CUSTOMERIO_TRIGGER_BROADCAST` tool exposes a `data_file_url` parameter, allowing the agent to specify an arbitrary URL from which Customer.io will fetch user data. If the Customer.io backend does not adequately validate or restrict these URLs, an attacker could leverage this to perform Server-Side Request Forgery (SSRF). This could lead to internal network reconnaissance, access to sensitive internal resources, or data exfiltration to attacker-controlled servers by tricking the agent into providing a malicious URL. Implement strict URL validation and allow-listing for `data_file_url` on the Customer.io API side to prevent arbitrary URL fetching. If possible, the skill's underlying implementation should also enforce stricter validation or only allow specific trusted domains for this parameter. | Static | SKILL.md:40 |
| LOW | Reliance on external Managed Connection Provider (rube.app): The skill's setup explicitly states that Customer.io account connections are managed through `https://rube.app/mcp`. This introduces a dependency on a third-party service (`rube.app`) for authentication and potentially proxying API calls. A compromise of `rube.app` could lead to credential harvesting, interception, or manipulation of Customer.io API requests, posing a supply chain risk to the skill's operations and user data. This is an inherent architectural dependency. Users should be made aware of the trust placed in `rube.app`. Composio should ensure robust security practices for its MCP services, including regular security audits and transparent security policies. For the skill itself, this is primarily an informational risk disclosure. | Static | SKILL.md:17 |