Security Audit
appointo-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
appointo-automation received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Broad Execution Capability via RUBE_REMOTE_WORKBENCH and Unpinned Dependency on Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Broad Execution Capability via RUBE_REMOTE_WORKBENCH | The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool, especially with the term 'workbench', suggests a potentially broad and less constrained execution environment compared to direct API calls. Without clear documentation on the security boundaries and sandboxing of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`, there's a risk of excessive permissions, allowing the LLM to perform complex or arbitrary operations that might exceed the intended scope of Appointo automation, potentially leading to unintended actions or privilege escalation within the Composio ecosystem. | Clarify the exact capabilities and security model of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If possible, restrict its usage to specific, well-defined operations or provide a more granular tool for bulk operations with explicit permission scoping. Ensure robust sandboxing and access controls are in place for this powerful tool. | Static | SKILL.md:77 |
| MEDIUM | Unpinned Dependency on Rube MCP | The skill's manifest declares a dependency on `mcp: ['rube']` without specifying a version. This means the skill will always use the latest available version of Rube MCP. While convenient, this introduces a supply chain risk as updates to Rube MCP could introduce breaking changes, vulnerabilities, or even malicious code without explicit review or consent, potentially impacting the security and stability of the skill's operations. | Pin the dependency on Rube MCP to a specific, known-good version (e.g., `mcp: ['rube@1.2.3']`). Regularly review and manually update the version to incorporate necessary security patches and features, ensuring control over the dependency's evolution. | Static | SKILL.md:5 |