Security Audit
census-bureau-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
census-bureau-automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Dynamic Tool Schema Loading Poses Supply Chain Risk, Potentially Excessive Permissions via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Dynamic Tool Schema Loading Poses Supply Chain Risk.** The skill explicitly instructs the LLM to dynamically fetch tool schemas using `RUBE_SEARCH_TOOLS` and warns against hardcoding tool slugs or arguments. This design means the operational definition of the tools (including their capabilities and required inputs) is loaded at runtime from an external source (Rube MCP/Composio). If the Rube MCP or Composio's toolkit registry were compromised, malicious tool schemas could be injected, leading the LLM to execute arbitrary harmful operations or exfiltrate data under the guise of legitimate Census Bureau tasks. There is no mechanism described to pin tool versions or validate schema integrity, increasing the supply chain risk. Recommendation: implement a mechanism to validate the integrity and authenticity of dynamically loaded tool schemas. Consider pinning to specific, trusted versions of tool schemas or requiring cryptographic signatures for schema definitions. Provide clear guidance on how to verify the source of tool schemas. | LLM | SKILL.md:20 |
| MEDIUM | **Potentially Excessive Permissions via RUBE_REMOTE_WORKBENCH.** The skill mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The terms 'workbench' and `run_composio_tool()` suggest a powerful, potentially unconstrained execution environment. If `run_composio_tool()` allows arbitrary code execution, shell commands, or broad access to system resources, and its arguments can be influenced by untrusted input (e.g., from a user prompt), it represents a significant risk for command injection and excessive permissions. Without further details on the sandboxing and capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`, this poses an unknown but potentially high risk. Recommendation: provide detailed documentation on the security implications, sandboxing, and specific capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure that these tools operate with the principle of least privilege and that any user-controlled inputs are rigorously sanitized and validated to prevent command injection or unintended access. | LLM | SKILL.md:68 |
Full report: https://skillshield.io/report/293fde763379dc90
Powered by SkillShield