Security Audit

alpha-vantage-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 99e2a2951545

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

alpha-vantage-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Exposure of broad remote execution capability.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

85%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Exposure of broad remote execution capability The skill documents and encourages the use of `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`. This tool is described as enabling 'Bulk ops' and implies a generic capability to execute arbitrary Composio tools. Without explicit sandboxing or scope limitations defined, an AI agent using this skill could be prompted to leverage `RUBE_REMOTE_WORKBENCH` for purposes beyond Alpha Vantage automation, potentially gaining overly broad access to system resources or executing arbitrary code if `run_composio_tool()` is not sufficiently constrained. This exposes a powerful primitive that could be abused. Review the necessity of exposing `RUBE_REMOTE_WORKBENCH` in this skill. If its inclusion is critical, ensure that `run_composio_tool()` is strictly sandboxed and its capabilities are limited to the intended scope (e.g., Alpha Vantage operations). Add clear documentation on the security implications and any limitations of `RUBE_REMOTE_WORKBENCH` to guide safe usage by AI agents.	Static	SKILL.md:68

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/4ff43a6b6a692261.svg)](https://skillshield.io/report/4ff43a6b6a692261)