Security Audit
beaconstac-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
beaconstac-automation received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad tool execution capability via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Broad tool execution capability via RUBE_REMOTE_WORKBENCH The skill documentation advertises the `RUBE_REMOTE_WORKBENCH` tool, which enables 'Bulk ops' and the execution of `run_composio_tool()`. This implies that the LLM, through Rube MCP, could be granted access to a wide range of arbitrary Composio tools, potentially beyond the intended scope of Beaconstac automation. If an LLM is not properly constrained, this broad access could lead to unintended actions or misuse of other connected toolkits. Implement strict access controls and prompt engineering to limit the LLM's use of `RUBE_REMOTE_WORKBENCH` to only necessary and authorized operations. Ensure that the LLM's context and instructions prevent it from invoking `RUBE_REMOTE_WORKBENCH` for actions outside the intended scope of the skill. Consider if `RUBE_REMOTE_WORKBENCH` is truly necessary for this specific skill or if more granular tools should be exposed. | LLM | SKILL.md:39 |
Scan History
Embed Code
[](https://skillshield.io/report/403c852818a7a4d2)
Powered by SkillShield