Security Audit
campaign-cleaner-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
campaign-cleaner-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is that the skill grants broad, dynamic tool execution capabilities via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill grants broad, dynamic tool execution capabilities via Rube MCP.** The skill package requires the `rube` MCP (as indicated by `"mcp": ["rube"]` in the manifest) and instructs the LLM to use its tools, specifically `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. While the examples focus on 'Campaign Cleaner operations', the `rube` MCP is a meta-tool designed for dynamic discovery and execution of *any* tool available through Composio. This means the LLM, when using this skill, gains the capability to discover and execute tools across all connected Composio toolkits, not just 'Campaign Cleaner'. This broad access could lead to unauthorized actions or data manipulation in other integrated systems (e.g., CRM, HR, financial tools) if the LLM's usage is not strictly confined by external guardrails or explicit instructions to limit its scope. **Remediation:** Implement strict guardrails around the LLM's ability to discover and execute tools beyond the intended 'campaign_cleaner' scope. Ensure the LLM is explicitly instructed to only use `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL` for `campaign_cleaner` operations. If possible, configure the `rube` MCP or a proxy layer to restrict the available toolkits or tool slugs that the LLM can access and execute. | LLM | SKILL.md:26 |