# Security Audit: byteforms-automation

Source: github.com/ComposioHQ/awesome-claude-skills

## Trust Assessment
byteforms-automation received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unpinned MCP dependency, Broad MCP tool access, Potential command injection via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
## Layer Breakdown

## Behavioral Risk Signals

## Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned MCP dependency.** The skill manifest specifies a dependency on the 'rube' MCP without a version constraint. This means the skill will always fetch the latest version of the MCP. A malicious or breaking update to the 'rube' MCP could introduce vulnerabilities or backdoors without explicit review, posing a significant supply chain risk. Pin the 'rube' MCP dependency to a specific, trusted version (e.g., `{"mcp": ["rube@1.2.3"]}`) to ensure stability and security. Regularly review and update the pinned version. | LLM | SKILL.md |
| MEDIUM | **Broad MCP tool access.** The skill utilizes generic Rube MCP tools such as `RUBE_MANAGE_CONNECTIONS` and `RUBE_MULTI_EXECUTE_TOOL`. While the skill's documentation focuses on Byteforms, these tools are not inherently scoped to Byteforms. `RUBE_MANAGE_CONNECTIONS` can manage connections for any toolkit, and `RUBE_MULTI_EXECUTE_TOOL` can execute any tool available through Rube MCP. This grants the agent broader permissions than strictly necessary for Byteforms automation, potentially allowing it to interact with other services or data sources if manipulated. If possible, restrict the agent's access to Rube MCP tools to only those specifically required for Byteforms, or ensure that the Rube MCP itself enforces fine-grained permissions based on the calling context. Alternatively, clearly document the full scope of capabilities granted by these tools. | LLM | SKILL.md:30 |
| MEDIUM | **Potential command injection via RUBE_REMOTE_WORKBENCH.** The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`. The term 'workbench' and the nature of `run_composio_tool()` suggest it might allow execution of arbitrary code or commands. If the inputs to `run_composio_tool()` are not properly sanitized, or if the underlying implementation allows for shell command injection, an attacker could execute arbitrary commands on the host system or the Rube MCP environment. Ensure that `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` strictly validate and sanitize all inputs, and operate within a secure, sandboxed environment that prevents arbitrary command execution. Provide clear documentation on the security implications and usage guidelines for this tool. | LLM | SKILL.md:70 |