Security Audit
auth0-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
auth0-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad Auth0 Management API Access via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Broad Auth0 Management API Access via Rube MCP.** The skill enables the LLM to discover and execute a wide range of Auth0 management operations through `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. This includes potentially sensitive actions like user management, application configuration, and role assignments. If the underlying Auth0 connection configured in Rube MCP has broad permissions (e.g., an Auth0 Management API token with extensive scopes), a malicious or compromised LLM could perform unauthorized and high-impact actions within the Auth0 tenant. The skill itself does not implement granular access control for specific Auth0 operations, relying on the permissions granted to the Rube MCP connection. Configure the Auth0 connection within Rube MCP with the principle of least privilege, granting only the minimum necessary scopes to the Auth0 Management API token. Implement strict LLM guardrails and human approval workflows for sensitive Auth0 operations invoked via this skill. Consider breaking down the skill into more granular sub-skills with narrower scopes if possible. | LLM | SKILL.md:36 |