Security Audit
Lemlist Automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
Lemlist Automation received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Critical dependency on external Multi-Cloud Platform (MCP).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Critical dependency on external Multi-Cloud Platform (MCP) The skill explicitly requires the `rube.app` Multi-Cloud Platform (MCP) for all its operations and for handling Lemlist API key authentication. This introduces a significant supply chain risk, as the security and integrity of the skill's functionality, user data, and credentials become entirely dependent on the trustworthiness and security posture of `rube.app`. A compromise or malicious intent at `rube.app` could lead to unauthorized data exfiltration (all Lemlist data processed by the skill) and credential harvesting (Lemlist API keys). Evaluate the security and trustworthiness of `rube.app` and Composio MCP. Understand the data handling and security policies of the MCP provider. Consider if direct integration with Lemlist APIs is possible to reduce reliance on a third-party intermediary for sensitive operations and credentials. Implement robust monitoring for any unusual activity related to the Lemlist API key. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/c32c6061c77aba4b)
Powered by SkillShield