Security Audit
backendless-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
backendless-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad access to Backendless operations via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Broad access to Backendless operations via Rube MCP The skill provides access to `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` which allow the LLM to execute arbitrary Backendless operations through the Rube MCP. While the skill advises discovering tools first, the inherent capability granted is very broad, potentially allowing full control over the connected Backendless account. If the LLM is compromised (e.g., via prompt injection), it could be coerced into performing unauthorized or destructive actions on the Backendless service. Implement more granular access control within the Rube MCP or Backendless integration layer, if possible. Ensure the LLM's environment strictly sandboxes tool execution and validates arguments against expected patterns. Consider requiring explicit user confirmation for sensitive operations before execution. | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/4687c4b0438d39c3)
Powered by SkillShield