Security Audit
booqable-automation
github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
booqable-automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings: "User-controlled input to external LLM-powered tool" and "Broad execution capabilities delegated to external MCP with user-influenced inputs".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Broad execution capabilities delegated to external MCP with user-influenced inputs | LLM | SKILL.md:38 |
| MEDIUM | User-controlled input to external LLM-powered tool | LLM | SKILL.md:30 |

HIGH: Broad execution capabilities delegated to external MCP with user-influenced inputs (LLM layer, SKILL.md:38)

The skill instructs the LLM to use `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` (specifically `run_composio_tool()`). These tools appear to grant extensive execution capabilities on the Rube MCP. The `tool_slug` and `arguments` for `RUBE_MULTI_EXECUTE_TOOL` are derived from the results of `RUBE_SEARCH_TOOLS`, which are in turn influenced by user-provided `use_case` queries. This creates a potential exploit path: a malicious user could craft a `use_case` that, if processed by a compromised or manipulated Rube MCP, leads to the suggestion and subsequent execution of arbitrary or harmful operations (e.g., data exfiltration, unauthorized modifications, or remote code execution if the MCP allows it) through `RUBE_MULTI_EXECUTE_TOOL` or `RUBE_REMOTE_WORKBENCH`. The skill itself implements no safeguards against malicious tool definitions returned by the MCP.

Recommendations:

1. **Strict tool whitelisting/validation:** The Rube MCP should strictly whitelist and validate `tool_slug`s and `arguments` to prevent the execution of unauthorized or malicious tools.
2. **Input sanitization:** Ensure all inputs, especially those derived from user queries, are thoroughly sanitized and validated before they are used to select a tool for execution.
3. **Least privilege:** Review the capabilities exposed by `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` to ensure they operate with the principle of least privilege.
4. **User awareness:** The skill documentation should explicitly warn users about the risks of providing untrusted input to the `use_case` parameter, since it can influence subsequent tool execution.
5. **Secure MCP connection:** Ensure the connection to `https://rube.app/mcp` is securely authenticated and authorized, so that unauthorized parties cannot manipulate tool discovery or execution.

MEDIUM: User-controlled input to external LLM-powered tool (LLM layer, SKILL.md:30)

The `RUBE_SEARCH_TOOLS` function takes a `use_case` parameter that is directly influenced by user input. If the Rube MCP internally uses an LLM to process this `use_case` for tool discovery, it could be vulnerable to prompt injection: a malicious user could craft a `use_case` string that manipulates the MCP's internal LLM, potentially leading to unintended tool suggestions or behaviors.

Recommendations: Implement robust input sanitization and validation for the `use_case` parameter within the Rube MCP. If the `use_case` is passed to an internal LLM, ensure strict guardrails are in place to prevent prompt injection. The skill developer should advise users to be cautious with `use_case` inputs.
Full report: https://skillshield.io/report/b06a557817c450e7