Security Audit
bolna-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
bolna-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. The key findings are Potential Credential Exposure via Authentication Flow and Potential Data Exfiltration via Tool Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Potential Credential Exposure via Authentication Flow.** The skill instructs the AI agent to use `RUBE_MANAGE_CONNECTIONS` and potentially follow an 'auth link' to complete the setup for Bolna. Interacting with external authentication flows, especially by following dynamically generated links, can expose the agent to risks of credential harvesting or session token leakage if the agent is not securely designed to handle such interactions (e.g., by logging sensitive URLs, extracting tokens from untrusted sources, or being redirected to malicious sites). Ensure the AI agent is designed with robust security measures for handling authentication flows. This includes validating the domain of auth links, preventing logging of sensitive information (like tokens or full auth URLs), and ensuring the agent does not expose credentials or session tokens to untrusted parties. Consider human-in-the-loop verification for sensitive authentication steps. | LLM | SKILL.md:23 |
| MEDIUM | **Potential Data Exfiltration via Tool Arguments.** The skill instructs the AI agent to use `RUBE_MULTI_EXECUTE_TOOL` with `arguments` that are populated based on tool schemas. If these arguments can be constructed from untrusted user input, and if the underlying Bolna tools allow reading or transmitting sensitive data (e.g., user data, internal system information), there is a risk of data exfiltration. The skill does not provide explicit safeguards against passing untrusted input to these tool arguments. Implement strict input validation and sanitization for any user-provided data that is used to construct tool arguments. Ensure the AI agent is instructed to never pass sensitive or untrusted information directly into tool arguments without explicit confirmation or sanitization. Review the permissions and capabilities of the underlying Bolna tools to minimize the risk of unauthorized data access. | LLM | SKILL.md:48 |