Security Audit
carbone-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
carbone-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Skill instructs LLM to use broad tool execution capabilities".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill instructs LLM to use broad tool execution capabilities.** The skill guides the LLM to utilize `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` which enable the execution of arbitrary tools and operations within the Carbone toolkit via the Rube MCP. This grants the LLM extensive and potentially unconstrained permissions to interact with and manipulate Carbone resources, increasing the risk of unauthorized actions or data exposure if misused. The skill does not define specific constraints on the types of operations the LLM is permitted to perform.<br>Implement granular access controls within the Rube MCP and Carbone toolkit to restrict the scope of operations available to the LLM. Define specific, limited tool functionalities that the LLM is permitted to invoke, rather than allowing general execution of arbitrary tools. Ensure that critical or sensitive operations require explicit human approval or additional verification steps. | LLM | SKILL.md:49 |