Security Audit
better-stack-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
better-stack-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill exposes generic tool execution beyond stated scope.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill exposes generic tool execution beyond stated scope The skill is named 'better-stack-automation' and its description focuses on Better Stack tasks. However, it lists `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` as an available operation for 'Bulk ops'. If `run_composio_tool()` can execute arbitrary tools from other Composio toolkits (beyond Better Stack), this grants the skill broader access than its stated purpose, potentially leading to unintended actions or data access in other integrated systems not related to Better Stack. Restrict the capabilities of `RUBE_REMOTE_WORKBENCH` within this skill to only execute Better Stack-specific tools, or provide a more specific tool for bulk Better Stack operations. Alternatively, clarify in the documentation that `run_composio_tool()` is contextually limited to Better Stack tools when used within this skill. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/8ff58610e8318668)
Powered by SkillShield