Security Audit
apitemplate-io-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
apitemplate-io-automation received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unpinned Rube MCP dependency, Broad execution capabilities via RUBE_REMOTE_WORKBENCH, Reliance on external platform for sensitive operations.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Broad execution capabilities via RUBE_REMOTE_WORKBENCH: The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool appears to offer broad execution capabilities within the Composio ecosystem. If `run_composio_tool()` can execute arbitrary Composio tools or code without sufficient sandboxing or explicit permission grants, it could lead to excessive permissions, data exfiltration, or command injection if a malicious prompt instructs the LLM to use it for unintended purposes. The documentation lacks specifics on the security model or limitations of `run_composio_tool()`. Recommendation: provide clear documentation on the security implications, scope, and sandboxing of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`; implement granular permissions and explicit user consent mechanisms for sensitive operations performed via this tool; consider whether such a broad tool is necessary for the skill's intended purpose. | LLM | SKILL.md:90 |
| MEDIUM | Unpinned Rube MCP dependency: The skill manifest specifies a dependency on the 'rube' MCP without a version constraint. This means the skill could be used with any version of Rube MCP, including future versions that might introduce breaking changes, vulnerabilities, or unexpected behavior. This lack of pinning introduces a supply chain risk. Recommendation: pin the Rube MCP dependency to a specific version or version range in the manifest to ensure consistent and predictable behavior and mitigate supply chain risks. | LLM | SKILL.md |
| MEDIUM | Reliance on external platform for sensitive operations: The skill delegates connection management and tool execution to the Rube MCP platform (`rube.app` and `composio.dev`). This includes handling authentication flows for Apitemplate IO, instructing the LLM to 'follow the returned auth link'. While the skill itself doesn't directly exfiltrate data, a compromise of the Rube MCP platform or the Apitemplate IO connection could lead to data exfiltration. The instruction to follow external auth links could also be a vector for phishing or credential compromise if the external platform is malicious. Recommendation: users should be made aware of the trust placed in `rube.app` and `composio.dev`; implement robust monitoring and auditing of all external tool calls and data flows; ensure that the LLM is configured with appropriate guardrails to prevent it from following malicious or unexpected authentication links. | LLM | SKILL.md:37 |