Security Audit
appdrag-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
appdrag-automation received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Dynamic Tool Discovery and Execution Grants Broad LLM Agency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Dynamic Tool Discovery and Execution Grants Broad LLM Agency The skill's core workflow instructs the LLM to dynamically discover tools using `RUBE_SEARCH_TOOLS` and then execute them via `RUBE_MULTI_EXECUTE_TOOL` based on the LLM's interpretation of user intent and tool schemas. This pattern grants the LLM significant agency to select and execute arbitrary Appdrag operations without explicit human review or approval for each specific tool invocation. If the LLM misinterprets a user's request or hallucinates, it could lead to unintended or harmful actions within the Appdrag environment, such as data modification or deletion. Implement human-in-the-loop approval for sensitive operations, restrict the scope of tools discoverable by `RUBE_SEARCH_TOOLS` for the LLM, or provide explicit guardrails and constraints on the types of actions the LLM is permitted to execute without confirmation. | LLM | SKILL.md:36 |
Scan History
Embed Code
[](https://skillshield.io/report/d7e2241f32bc1fed)
Powered by SkillShield