Security Audit
alttext-ai-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
alttext-ai-automation received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Excessive Permissions via RUBE_REMOTE_WORKBENCH, Unpinned Dependency on External MCP Service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Permissions via RUBE_REMOTE_WORKBENCH: The skill's manifest requires the 'rube' MCP, which provides access to powerful meta-tools. Specifically, the documentation highlights `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool appears to offer a highly flexible and broad execution environment, potentially allowing the LLM to execute arbitrary Composio tools across various toolkits, not just 'alttext_ai'. While the skill encourages good practices like schema discovery, the inherent power of `RUBE_REMOTE_WORKBENCH` means that a malicious prompt to the LLM could leverage this tool to perform a wide range of unauthorized actions within the Composio ecosystem, limited only by the connected toolkits and the user's Composio account permissions. Recommendation: implement strict input validation and sandboxing for arguments passed to `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Consider limiting the scope of what `run_composio_tool()` can execute within the workbench, or provide clearer guidance on how to restrict its capabilities to only the intended 'alttext_ai' operations. Ensure that the LLM's access to this powerful tool is carefully controlled and monitored. | Static | SKILL.md:67 |
| MEDIUM | Unpinned Dependency on External MCP Service: The skill's manifest specifies a dependency on the 'rube' MCP (`requires: {"mcp": ["rube"]}`). This dependency refers to an external service endpoint (`https://rube.app/mcp`) without any version pinning or specific configuration. This introduces a supply chain risk, as changes to the Rube MCP service (e.g., new features, behavioral changes, or introduction of vulnerabilities) could impact the skill's functionality and security without explicit action or review from the skill developer. There is no mechanism to ensure a consistent or secure version of the external service. Recommendation: if possible, specify a version or a more specific endpoint for the 'rube' MCP dependency to ensure consistency and reduce the risk of unexpected changes. Implement robust monitoring for the external service to detect any changes that could introduce security vulnerabilities or break functionality. | Static | SKILL.md:1 |
Full report: https://skillshield.io/report/e48105f7722e09ea (powered by SkillShield)