Security Audit
aeroleads-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
aeroleads-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. The key findings are generic tool execution via RUBE_REMOTE_WORKBENCH and an unpinned Rube MCP dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Generic tool execution via RUBE_REMOTE_WORKBENCH.** The skill utilizes `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. While the skill's stated purpose is 'Aeroleads Automation' and other tool calls specify 'Aeroleads operations' as a use case, the `run_composio_tool()` function is generically named. If `run_composio_tool()` can execute any tool available through the Composio platform (not just those strictly related to Aeroleads), it could grant the agent access to functionalities beyond the intended scope. This broad access could potentially allow interaction with other sensitive systems or performance of unintended operations if the underlying Composio tools are not strictly scoped to Aeroleads. Clarify or restrict the scope of `run_composio_tool()` when used in this skill to ensure it can only execute Aeroleads-specific tools. If `run_composio_tool()` is inherently broad, consider if `RUBE_REMOTE_WORKBENCH` is truly necessary or if more granular, scoped tools should be used for bulk operations. | LLM | SKILL.md:60 |
| MEDIUM | **Unpinned Rube MCP dependency.** The skill's manifest declares a dependency on the 'rube' MCP (`"mcp": ["rube"]`) without specifying a version or a fixed endpoint. Although the setup instructions provide `https://rube.app/mcp`, the manifest itself is unpinned. This means the skill will always use the latest version of the `rube` MCP service. If the `rube.app` service were to be compromised or introduce malicious tools or changes in behavior, the skill would automatically inherit these risks without any explicit review or update process, posing a supply chain risk. If the platform supports it, specify a version or a more specific, immutable reference for the `rube` MCP in the manifest. Alternatively, implement a mechanism to verify the integrity and expected behavior of the `rube.app/mcp` endpoint before use, or consider hosting a trusted instance of the MCP. | LLM | SKILL.md:1 |