Security Audit
castingwords-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
castingwords-automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include: Broad tool execution via Rube MCP; Dynamic tool discovery introduces supply chain risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Broad tool execution via Rube MCP. The skill instructs the LLM to use `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` to execute tools dynamically discovered via `RUBE_SEARCH_TOOLS`. This grants the LLM the ability to perform any operation exposed by the `castingwords` toolkit (or potentially other toolkits if `RUBE_SEARCH_TOOLS` is not sufficiently scoped) without explicit permission checks for individual actions. `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` suggests a highly privileged execution environment for bulk operations. This broad access could lead to unauthorized data manipulation, deletion, or access if the underlying tools are misused or malicious. Recommendation: implement granular permissions for specific tool actions within the Rube MCP or Composio framework. The skill should ideally request permissions for specific `tool_slug`s or categories of operations rather than a blanket "execute any discovered tool." For `RUBE_REMOTE_WORKBENCH`, ensure its capabilities are strictly limited and audited. | LLM | SKILL.md:49 |
| MEDIUM | Dynamic tool discovery introduces supply chain risk. The skill explicitly advises the LLM to "Always search first" using `RUBE_SEARCH_TOOLS` to get current tool schemas and avoid hardcoding. While this improves robustness, it means the skill's behavior is dynamically determined by the Rube MCP and the `castingwords` toolkit definitions at runtime. A compromise of the Rube MCP server (`https://rube.app/mcp`) or the `composio.dev/toolkits/castingwords` source could lead to the LLM being instructed to execute malicious or altered tools, effectively turning the skill into a supply chain attack vector. Recommendation: implement mechanisms to verify the integrity and authenticity of tool schemas retrieved from `RUBE_SEARCH_TOOLS`. Consider pinning to specific versions of toolkits or schemas where possible, or requiring cryptographic signatures for tool definitions. Regularly audit the Rube MCP and Composio toolkit sources for vulnerabilities. | LLM | SKILL.md:60 |