Security Audit
bigpicture-io-automation
github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
bigpicture-io-automation received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection via RUBE_REMOTE_WORKBENCH, Excessive Permissions Granted to Bigpicture IO Operations, Unpinned Dependency in Manifest.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via RUBE_REMOTE_WORKBENCH: The skill exposes the `RUBE_REMOTE_WORKBENCH` tool with `run_composio_tool()` for 'Bulk ops'. If `run_composio_tool()` allows arbitrary code or shell command execution through its arguments, and these arguments can be influenced by user input via the LLM, it presents a significant command injection vulnerability. The skill's description does not specify input validation or sandboxing for this powerful operation. Ensure that `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` strictly validate and sanitize all inputs to prevent arbitrary code or command execution. Implement robust sandboxing for any code execution environments invoked by this tool. | LLM | SKILL.md:78 |
| MEDIUM | Excessive Permissions Granted to Bigpicture IO Operations: The skill grants broad access to Bigpicture IO operations through `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. While this is the nature of an automation skill, the description does not outline any mechanisms for least privilege or fine-grained access control. This means the skill, if misused or compromised, could perform a wide range of potentially sensitive actions within Bigpicture IO without explicit scope limitation. Review the necessity of granting such broad access. If possible, implement mechanisms for least privilege, allowing the skill to access only the specific Bigpicture IO tools and operations required for its intended purpose. Provide clear guidance on how to restrict tool access if the underlying Rube MCP supports it. | LLM | SKILL.md:60 |
| MEDIUM | Unpinned Dependency in Manifest: The skill's manifest specifies a dependency on the 'rube' MCP without a pinned version. This means the skill will always use the latest available version of Rube, which could lead to unexpected behavior, breaking changes, or the introduction of new vulnerabilities if upstream updates are not thoroughly reviewed and tested. Pin the version of the 'rube' MCP dependency in the manifest (e.g., `"rube": "^1.0.0"` or `"rube": "1.2.3"`) to ensure deterministic behavior and prevent unexpected updates that could introduce vulnerabilities or compatibility issues. | LLM | SKILL.md:2 |
Full report: https://skillshield.io/report/9cd8fd03fb09bd48