Security Audit
bidsketch-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
bidsketch-automation received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 1 medium, and 1 low severity. The key findings are an unpinned Rube MCP dependency and broad access to Bidsketch operations.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Unpinned Rube MCP dependency.** The skill's manifest specifies a dependency on the 'rube' MCP without a version constraint. This means that any future update to the 'rube' MCP, including potentially malicious or vulnerable versions, would be automatically used by this skill, introducing a supply chain risk. Without version pinning, the skill's behavior and security posture could change unexpectedly. Pin the 'rube' MCP dependency to a specific, known-good version or a version range to mitigate risks from unexpected or malicious updates. For example, update the manifest to `{"mcp": ["rube@1.2.3"]}` or `{"mcp": ["rube@^1.0.0"]}`. | Static | SKILL.md |
| LOW | **Broad access to Bidsketch operations.** The skill is designed to allow the LLM to discover and execute a wide range of Bidsketch operations via `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. This grants broad programmatic access to Bidsketch functionalities. While this is the intended purpose of the skill, it means that if the LLM itself is compromised (e.g., via prompt injection), it could potentially perform extensive and unauthorized actions within the connected Bidsketch account. The mention of `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' further suggests capabilities that could amplify the impact of misuse. Implement strict access controls and monitoring on the LLM's interaction with this skill. Ensure that user consent is explicitly obtained for sensitive operations. If possible, configure granular permissions within the Rube/Composio platform to limit the scope of actions an LLM can perform, rather than granting full access to all Bidsketch functionalities. | Static | SKILL.md:50 |