Security Audit
anthropic-administrator-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
anthropic-administrator-automation received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection via RUBE_REMOTE_WORKBENCH, Supply Chain Risk: Unpinned dependency on Rube MCP, Excessive Permissions: Broad access to Anthropic Admin tools.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via RUBE_REMOTE_WORKBENCH.** The skill recommends using `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for bulk operations. The term "workbench" and the function name `run_composio_tool()` suggest a general execution environment that could allow arbitrary code execution or command injection if it is not properly sandboxed. Because the skill gives no details on how `RUBE_REMOTE_WORKBENCH` is implemented or constrained, an attacker who can influence the inputs to these calls may be able to run unauthorized commands or scripts. *Recommendation:* document the security model and sandboxing of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`; ensure they cannot execute arbitrary code or commands outside their intended, constrained functionality; where possible, restrict their use or offer a more constrained alternative for bulk operations. | LLM | SKILL.md:80 |
| MEDIUM | **Supply Chain Risk: Unpinned dependency on Rube MCP.** The skill manifest declares a dependency on the `rube` MCP server without a version constraint (`"mcp": ["rube"]`), so the skill may be deployed against any version of Rube MCP, including a future release that introduces breaking changes, vulnerabilities, or malicious functionality. The missing pin exposes the skill to supply chain attacks and to unexpected behaviour changes whenever the upstream server changes. *Recommendation:* pin the Rube MCP dependency to a specific, known-good version or a well-defined version range in the manifest, and review upgrades before adopting them. | LLM | SKILL.md:3 |
| MEDIUM | **Excessive Permissions: Broad access to Anthropic Admin tools.** The skill automates Anthropic Admin tasks by passing tools discovered via `RUBE_SEARCH_TOOLS` to `RUBE_MULTI_EXECUTE_TOOL`. Although it advises searching first, it imposes no restriction or allowlist on *which* Anthropic Admin tools may be executed. If an attacker can manipulate the tool slugs or arguments (for example through prompt injection against the LLM, or via a compromised Rube MCP server), they could trigger any available administrative action, leading to unauthorized changes or data access in the Anthropic Admin system. *Recommendation:* implement an allowlist of permitted Anthropic Admin tool slugs and their permissible arguments in the skill's own logic, and strictly validate every `tool_slug` and `arguments` value against it before execution, so that neither the LLM nor a malicious actor can invoke unintended or overly powerful administrative actions. | LLM | SKILL.md:56 |
Full report: https://skillshield.io/report/a3a376e7d5d0508f
Powered by SkillShield