Security Audit
brex-staging-automation
Source: github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
brex-staging-automation received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings: broad access to a financial staging environment (high), and an external MCP dependency from an unverified source (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Broad access to financial staging environment.** The skill gives the LLM extensive capabilities against a Brex Staging environment through Rube MCP. Tools such as `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` allow dynamic execution of arbitrary Brex Staging operations. The skill emphasizes dynamic discovery and schema compliance, but a compromised or prompt-injected LLM could still be coerced into unauthorized actions on the staging environment and manipulate financial data or processes (sensitive even if simulated). `RUBE_REMOTE_WORKBENCH` in particular suggests a powerful, less constrained execution environment for "bulk ops" and `run_composio_tool()`, which widens the attack surface. Recommendation: enforce strict access control and monitoring on Rube MCP and the Brex Staging environment; sandbox the LLM's execution environment and validate user prompts to limit prompt injection; review the capabilities `brex_staging` exposes through Rube MCP, especially `RUBE_REMOTE_WORKBENCH`, and restrict them to least privilege with granular permissions. | LLM | SKILL.md:39 |
| MEDIUM | **External MCP dependency from unverified source.** The skill instructs the user to add `https://rube.app/mcp` as an MCP server. Depending on an external, unverified third-party service for core tool execution is a supply-chain risk: if `rube.app` were compromised or turned malicious, every operation the skill performs would be affected, with data exfiltration, command injection or worse as possible outcomes. The skill definition provides no mechanism for verifying the integrity or authenticity of the `rube.app` endpoint. Recommendation: vet third-party MCPs before use; consider hosting or mirroring critical MCP components internally, or using signed and verified MCP sources; monitor the security posture of `rube.app` and enforce secure channels (for example, TLS certificate pinning) when talking to external MCPs. | LLM | SKILL.md:16 |
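Both findings come down to one control: the host running the skill, not the model, should decide which MCP server may be reached and which tool calls may pass. The following is an added example, not code from the skill, Composio, Rube or SkillShield, of a default-deny policy gate placed in front of MCP `tools/call` requests. The host `rube.app`, the path `/mcp`, and the tool names `RUBE_MULTI_EXECUTE_TOOL`, `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` come from the findings; the pin value, `RUBE_SEARCH_TOOLS`, the `BREX_STAGING_*` operation slugs, and the nested `arguments["tools"][i]["tool_slug"]` shape are assumptions for illustration.

```python
"""Policy gate for MCP tool calls issued by an LLM skill (added example).

Default-deny: anything not named in the policy below is refused. Tool and
operation names, the upstream pin and the nested-argument shape are assumptions.
"""
from __future__ import annotations

import hmac
import json
from urllib.parse import urlparse

# Upstream MCP servers the skill may talk to: exact host, scheme and path.
# spki_sha256 is a placeholder, NOT rube.app's real key pin; obtain the real pin
# out of band and rotate it with the server's key.
ALLOWED_SERVERS = {
    "rube.app": {"scheme": "https", "path": "/mcp", "spki_sha256": "0" * 64},
}

# Top-level tools. RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH are named in
# the finding; RUBE_SEARCH_TOOLS is an assumed read-only discovery tool.
TOOL_POLICY = {
    "RUBE_SEARCH_TOOLS": "allow",
    "RUBE_MULTI_EXECUTE_TOOL": "inspect",  # allowed only if every nested call passes
    "RUBE_REMOTE_WORKBENCH": "deny",       # arbitrary remote execution: never
}

# Nested Brex staging operations by slug prefix (assumed names). "approve" means a
# human must confirm before the call is forwarded; anything unmatched is denied.
NESTED_POLICY = {
    "BREX_STAGING_GET_": "allow",
    "BREX_STAGING_LIST_": "allow",
    "BREX_STAGING_CREATE_": "approve",
    "BREX_STAGING_UPDATE_": "approve",
}


def check_server(url: str) -> tuple[bool, str]:
    """Accept only an exact allowlisted HTTPS endpoint (no userinfo, query or fragment)."""
    u = urlparse(url)
    rule = ALLOWED_SERVERS.get(u.hostname or "")
    if rule is None:
        return False, f"host not allowlisted: {u.hostname!r}"
    if u.scheme != rule["scheme"]:
        return False, f"scheme must be {rule['scheme']}"
    if u.path != rule["path"]:
        return False, f"path must be {rule['path']}"
    if u.username or u.password or u.query or u.fragment:
        return False, "userinfo, query and fragment are not allowed"
    return True, "ok"


def check_pin(host: str, observed_spki_sha256: str) -> bool:
    """Constant-time comparison of the pin seen on the TLS connection with the expected one."""
    expected = ALLOWED_SERVERS.get(host, {}).get("spki_sha256", "")
    return hmac.compare_digest(expected.lower(), observed_spki_sha256.lower())


def _nested_decision(slug: str) -> str:
    for prefix, decision in NESTED_POLICY.items():
        if slug.startswith(prefix):
            return decision
    return "deny"


def _result(decision: str, reason: str, request: dict) -> dict:
    params = request.get("params") or {}
    audit = {  # one audit record per decision, suitable for shipping to a SIEM
        "id": request.get("id"),
        "tool": params.get("name"),
        "decision": decision,
        "reason": reason,
        "arguments": json.dumps(params.get("arguments") or {}, sort_keys=True),
    }
    return {"decision": decision, "reason": reason, "audit": audit}


def gate_tool_call(request: dict) -> dict:
    """Decide allow / approve / deny for one JSON-RPC request; only tools/call is gated."""
    if request.get("method") != "tools/call":
        return _result("allow", "not a tool invocation; passed through", request)
    params = request.get("params") or {}
    name = params.get("name", "")
    args = params.get("arguments") or {}
    decision = TOOL_POLICY.get(name, "deny")
    if decision == "deny":
        return _result("deny", f"tool {name!r} is not permitted", request)
    if decision == "allow":
        return _result("allow", "allowlisted tool", request)
    # "inspect": the multi-execute tool fans out to nested calls; the shape
    # arguments["tools"][i]["tool_slug"] is assumed for this example.
    nested = args.get("tools")
    if not isinstance(nested, list) or not nested:
        return _result("deny", "multi-execute without an inspectable tool list", request)
    worst = "allow"
    for item in nested:
        slug = item.get("tool_slug", "") if isinstance(item, dict) else ""
        d = _nested_decision(slug)
        if d == "deny":
            return _result("deny", f"nested tool {slug!r} is not permitted", request)
        if d == "approve":
            worst = "approve"
    reason = "all nested tools allowlisted" if worst == "allow" else "mutating operation; human approval required"
    return _result(worst, reason, request)


if __name__ == "__main__":
    # Constructed requests in the MCP JSON-RPC shape, not captured traffic.
    print(check_server("https://rube.app/mcp"), check_server("http://rube.app/mcp"))
    for req in (
        {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
         "params": {"name": "RUBE_REMOTE_WORKBENCH", "arguments": {"code": "run_composio_tool(...)"}}},
        {"jsonrpc": "2.0", "id": 2, "method": "tools/call",
         "params": {"name": "RUBE_MULTI_EXECUTE_TOOL", "arguments": {"tools": [
             {"tool_slug": "BREX_STAGING_LIST_TRANSACTIONS", "arguments": {}},
             {"tool_slug": "BREX_STAGING_CREATE_TRANSFER", "arguments": {"amount": 100}}]}}},
    ):
        print(json.dumps(gate_tool_call(req)["audit"]))
```

The gate belongs in a proxy between the MCP client and `https://rube.app/mcp`, where it can also observe the TLS handshake and feed the server's SPKI hash to `check_pin` before any request is forwarded. Two design choices matter more than the specific names: unknown tools and unknown nested slugs are denied rather than allowed, so a newly exposed capability does not become reachable by default, and the audit record is produced for every decision, not only denials, so the staging environment's activity can be reconstructed after the fact.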
Full report: https://skillshield.io/report/5a05928ebf072016 (powered by SkillShield)