Security Audit
apaleo-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
apaleo-automation received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include: a vague `RUBE_REMOTE_WORKBENCH` tool that suggests arbitrary execution; the skill granting broad access to all connected Apaleo tools; and reliance on the unpinned external MCP endpoint `rube.app/mcp`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Vague `RUBE_REMOTE_WORKBENCH` tool suggests arbitrary execution | The `RUBE_REMOTE_WORKBENCH` tool, particularly with `run_composio_tool()`, is described as an option for 'Bulk ops'. The term 'workbench' and the function name `run_composio_tool()` imply a capability for executing arbitrary or less constrained operations within the Composio environment. Without clear limitations, this could allow for command injection, arbitrary code execution, or access to data beyond the intended scope of specific Apaleo tools, leading to data exfiltration or privilege escalation. | Provide explicit documentation for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`, detailing its exact capabilities, security boundaries, and any sandboxing mechanisms. Ensure it cannot execute arbitrary system commands or access unauthorized data. If it is intended for advanced users, clearly state the risks. | Static | SKILL.md:75 |
| MEDIUM | Skill grants broad access to all connected Apaleo tools | The skill, through `RUBE_MULTI_EXECUTE_TOOL`, allows the LLM to execute any Apaleo tool discovered via `RUBE_SEARCH_TOOLS` that the connected Apaleo account has permissions for. This grants the LLM broad control over the Apaleo account, potentially enabling it to perform sensitive operations (e.g., managing bookings, accessing guest data, modifying financial records) without specific constraints beyond the initial Apaleo connection's permissions. While this is the intended functionality, it represents a significant scope of access. | Implement fine-grained access control mechanisms within the Apaleo connection or the Rube MCP to limit the specific Apaleo tools or operations that the LLM can access, rather than granting blanket access based solely on the connected account's permissions. | Static | SKILL.md:47 |
| MEDIUM | Reliance on unpinned external MCP endpoint `rube.app/mcp` | The skill explicitly depends on an external MCP server at `https://rube.app/mcp`. There is no version pinning or integrity verification mechanism specified for this endpoint. This introduces a supply chain risk where a compromise of `rube.app` or an unannounced change to the MCP's behavior could directly impact the security and functionality of the skill without the user's knowledge or control. | Consider implementing mechanisms to verify the integrity of the MCP endpoint (e.g., cryptographic signatures, content hashing) or explore options for versioning the MCP interface to ensure predictable and secure interactions. | Static | SKILL.md:24 |