Security Audit
appsflyer-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
appsflyer-automation received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Reliance on Unverified External MCP, Potential for Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH, Unpinned External MCP Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Reliance on Unverified External MCP The skill is entirely dependent on an external, unverified Rube MCP (`https://rube.app/mcp`). The security and integrity of this skill are directly tied to the trustworthiness and security posture of the Rube MCP service. A compromise or malicious change in the Rube MCP could lead to severe security vulnerabilities, including data exfiltration, command injection, or credential harvesting, as the skill delegates all core functionality to this external system. Thoroughly vet the security practices and reputation of any external MCPs. Implement mechanisms to verify the integrity of the MCP's responses and tools. Consider sandboxing the execution environment for interactions with external services. | Static | SKILL.md:10 | |
| HIGH | Potential for Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH The skill mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'workbench' and the function `run_composio_tool()` suggest the capability to execute complex or potentially arbitrary operations. Without clear documentation on the sandboxing, input validation, and limitations of this tool, there is a significant risk of command injection or arbitrary code execution if malicious input can be passed to `run_composio_tool()` or if the underlying Rube MCP implementation is compromised. Provide explicit documentation on the security boundaries, sandboxing, and input validation mechanisms for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure that any code execution capabilities are strictly controlled, isolated, and subject to rigorous security checks. Limit the scope of operations that can be performed through this tool. | Static | SKILL.md:60 | |
| MEDIUM | Unpinned External MCP Dependency The manifest specifies a dependency on 'rube' MCP without a version constraint (`"mcp": ["rube"]`). This means the skill could interact with any version of the Rube MCP, including future versions that might introduce breaking changes, unexpected behavior, or even security vulnerabilities. While the skill emphasizes dynamic tool discovery, the core dependency on the MCP itself is unpinned, which can lead to instability or security regressions. If possible, specify a version or a range of compatible versions for the Rube MCP dependency in the manifest. Implement robust compatibility testing to ensure the skill functions correctly and securely with different MCP versions. Monitor the MCP provider for updates and security advisories. | Static | manifest.json:1 |
Scan History
Embed Code
[](https://skillshield.io/report/1179725e59d5f637)
Powered by SkillShield