Security Audit
browserhub-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
browserhub-automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include "Broad tool execution via RUBE_REMOTE_WORKBENCH", "Unpinned external dependency and dynamic tool discovery", and "Potential for data exfiltration via Browserhub access".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Broad tool execution via RUBE_REMOTE_WORKBENCH | The skill exposes `RUBE_REMOTE_WORKBENCH` which can execute `run_composio_tool()`. This allows the LLM to potentially invoke any tool available through Composio, not just those related to Browserhub, granting excessive and potentially unintended permissions. This could lead to actions outside the skill's stated purpose, such as interacting with other connected services or performing unauthorized operations. | Restrict the capabilities of `RUBE_REMOTE_WORKBENCH` to only Browserhub-specific operations, or provide a more granular tool for bulk operations that explicitly limits the scope of callable tools. Ensure the LLM is only instructed to use this for its intended purpose and that the underlying `run_composio_tool()` function enforces strict access controls. | LLM | SKILL.md:68 |
| MEDIUM | Unpinned external dependency and dynamic tool discovery | The skill relies on `https://rube.app/mcp` for tool definitions and execution without version pinning or integrity checks. Tool schemas are dynamically discovered via `RUBE_SEARCH_TOOLS`. A compromise of the `rube.app` service or malicious modification of tool definitions could introduce vulnerabilities or unintended behavior into the skill's execution without requiring an update to the skill package itself, posing a significant supply chain risk. | Implement mechanisms to verify the integrity and authenticity of tool definitions served by `rube.app`. Consider version pinning for the MCP or specific toolkits if possible, or at least implement robust monitoring for changes in tool schemas and behavior to detect malicious updates. | LLM | SKILL.md:22 |
| LOW | Potential for data exfiltration via Browserhub access | The skill grants access to Browserhub operations, which can interact with and retrieve content from web pages. While the skill itself does not explicitly instruct exfiltration, an LLM using this skill could be prompted to access sensitive information (e.g., user data, internal documents, session cookies) from web pages and then output or transmit it, leading to data exfiltration. This is an inherent risk of browser automation tools when not properly constrained. | Implement strict access controls and data handling policies for any information retrieved via Browserhub. Ensure the LLM's output is sanitized and reviewed, and that it operates within a sandboxed environment with limited network access for sensitive data. Restrict Browserhub's access to sensitive domains or data types where possible. | LLM | SKILL.md:40 |