Security Audit
anthropic_administrator-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
anthropic_administrator-automation received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Broad Administrative Permissions", "Management of Sensitive API Keys and Organizational Data", and "Supply Chain Risk: Unpinned Rube MCP Dependency".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Broad Administrative Permissions.** The skill is designed to perform 'Anthropic Admin tasks' including 'API keys, usage, workspaces, and organization management'. This grants the skill inherently broad and powerful administrative permissions. While necessary for its intended function, it means any successful exploit (e.g., prompt injection into tool arguments) could lead to significant unauthorized actions, data modification, or deletion within the Anthropic organization. The skill does not implement granular permission controls beyond what the underlying Rube MCP and Anthropic API provide. Implement strict input validation and sanitization for all arguments passed to `RUBE_MULTI_EXECUTE_TOOL`. Ensure the underlying Rube connection is configured with the principle of least privilege, granting only the minimum necessary permissions for specific tasks. Consider breaking down broad administrative skills into more granular, single-purpose skills. | LLM | SKILL.md:1 |
| HIGH | **Management of Sensitive API Keys and Organizational Data.** The skill's core functionality involves managing Anthropic API keys and organizational data. While this is its intended purpose, it means the skill has direct access to highly sensitive information. If an attacker can manipulate the arguments passed to `RUBE_MULTI_EXECUTE_TOOL` (e.g., through prompt injection), they could potentially instruct the skill to retrieve, modify, or exfiltrate API keys or other sensitive organizational data. The skill itself does not contain explicit exfiltration code, but its access to this data makes it a high-value target for credential harvesting or data exfiltration. Implement robust input validation and sanitization for all tool arguments. Ensure that any tool responses containing sensitive data are handled securely and are not inadvertently exposed or logged. Consider implementing approval workflows for actions involving sensitive data or API key management. | LLM | SKILL.md:1 |
| MEDIUM | **Supply Chain Risk: Unpinned Rube MCP Dependency.** The skill manifest specifies a dependency on 'rube' for the MCP (`"mcp": ["rube"]`) without a specific version constraint. This means that if a new, potentially malicious or vulnerable version of the 'rube' MCP is released, the skill could automatically use it, introducing a supply chain risk. An attacker could compromise the 'rube' project to distribute malicious updates. Pin the 'rube' MCP dependency to a specific, known-good version (e.g., `"mcp": ["rube==1.2.3"]`) to prevent automatic updates to potentially compromised versions. Regularly review and update dependencies to address known vulnerabilities. | LLM | SKILL.md:1 |