Security Audit
bugbug-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
bugbug-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is that the skill promotes broad tool access via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Skill promotes broad tool access via Rube MCP. The skill instructs the AI agent to use `RUBE_SEARCH_TOOLS` with a broad `use_case` ("Bugbug operations") and then execute any discovered tool via `RUBE_MULTI_EXECUTE_TOOL`. Additionally, it mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for bulk operations. This design enables the agent to discover and execute a wide range of functionalities exposed by the Bugbug toolkit through Rube MCP. If the underlying Bugbug toolkit exposes sensitive operations and the agent's overall system prompt is not sufficiently constrained, this could lead to unintended or unauthorized actions. Consider providing more specific `use_case` examples or guidance on how to narrow down tool discovery. Emphasize the importance of agent-level constraints and careful prompt engineering to limit the scope of actions an agent can perform with these powerful tools. If possible, recommend using more granular tool access patterns. | LLM | SKILL.md:40 |