Security Audit
apipie-ai-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
apipie-ai-automation received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Remote Workbench, Excessive Permissions via Remote Workbench, Dependency on External MCP 'rube'.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Remote Workbench. The skill documentation references `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'remote workbench' often implies a general execution environment, and `run_composio_tool()` could potentially allow the execution of arbitrary code or shell commands if not properly sandboxed. This presents a significant command injection risk, allowing an attacker to execute malicious code on the host system or connected services if they can manipulate the arguments passed to this tool. Clarify the exact capabilities and security boundaries of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If it allows arbitrary code execution, implement strict sandboxing, input validation, and least privilege principles. Consider whether such a powerful tool is truly necessary for the skill's intended purpose, and if not, remove it or replace it with more constrained alternatives. | Static | SKILL.md:70 |
| HIGH | Excessive Permissions via Remote Workbench. The `RUBE_REMOTE_WORKBENCH` tool, especially when combined with `run_composio_tool()`, suggests that the skill (and by extension, the LLM using it) could be granted overly broad permissions. If this tool allows arbitrary code execution or access to system resources beyond the scope of 'Apipie AI operations', it constitutes excessive permissions. This increases the attack surface and the potential impact of a successful exploit, such as data exfiltration or system compromise. Review and restrict the permissions granted to `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` to the absolute minimum required for the skill's functionality. Ensure that the execution environment is isolated and that any operations performed are strictly within the intended scope and do not allow access to sensitive system resources or arbitrary code execution. | Static | SKILL.md:70 |
| INFO | Dependency on External MCP 'rube'. The skill declares a dependency on the 'rube' MCP (Multi-Capability Platform) and instructs users to add `https://rube.app/mcp` as an MCP server. While this is a standard dependency declaration, any external dependency introduces a supply chain risk. The security posture of the 'rube' MCP (e.g., its maintenance, security audits, and potential for compromise) directly impacts the security of this skill. This is an informational finding, as the skill itself doesn't introduce a vulnerability, but it highlights a point of external reliance. Ensure that the 'rube' MCP is a trusted, well-maintained, and regularly audited platform. Users should be aware of the risks associated with external dependencies and verify the security of all components in their supply chain. | Static | SKILL.md:16 |
Powered by SkillShield