Security Audit

aivoov-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 99e2a2951545

TRUSTED

Scanned 6 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

aivoov-automation received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.

SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Exposure of Potentially Overly Permissive Tool.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

93%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
MEDIUM	Exposure of Potentially Overly Permissive Tool The skill exposes the `RUBE_REMOTE_WORKBENCH` tool, which is described for 'Bulk ops' using `run_composio_tool()`. The term 'workbench' and 'run_composio_tool()' often imply a capability for executing more complex, potentially arbitrary, code or commands within the Composio environment, rather than strictly schema-bound API calls. If `run_composio_tool()` allows arbitrary code execution or access to sensitive system resources, then making this tool available to an LLM via this skill introduces a risk of excessive permissions. A malicious prompt could instruct the LLM to leverage this tool for unintended or harmful operations. Review the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If they allow arbitrary code execution or access to sensitive resources, consider if this tool is strictly necessary for the skill's intended purpose. If it is, ensure robust sandboxing and input validation are in place for the `RUBE_REMOTE_WORKBENCH` execution environment. Provide more specific guidance or constraints on its usage within the skill description if possible.	LLM	SKILL.md:68

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/6e0fda2ff6bd2049.svg)](https://skillshield.io/report/6e0fda2ff6bd2049)