Security Audit
centralstationcrm-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
centralstationcrm-automation received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "RUBE_REMOTE_WORKBENCH enables broad, potentially unconstrained tool execution" and "Dynamic tool discovery and execution may lead to excessive permissions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **RUBE_REMOTE_WORKBENCH enables broad, potentially unconstrained tool execution.** The skill documentation suggests using `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for "Bulk ops". The term "workbench" implies a general-purpose execution environment. If `run_composio_tool()` can execute arbitrary Composio tools, or if the workbench itself allows for arbitrary code/command execution, this presents a significant security risk. It could grant the AI agent excessive permissions beyond the intended Centralstationcrm scope, potentially leading to data manipulation, unauthorized access, or command injection if the underlying tools are not strictly sandboxed and validated. The documentation does not specify any scope limitations or sandboxing for this functionality. *Recommendation:* Clearly define and enforce the scope of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure it is strictly limited to Centralstationcrm operations or a predefined, safe set of actions. Implement robust input validation, strict sandboxing, and privilege separation for any code or tools executed within the workbench. Provide explicit warnings about its capabilities if it is intended to be broad. | LLM | SKILL.md:60 |
| MEDIUM | **Dynamic tool discovery and execution may lead to excessive permissions.** The skill relies on `RUBE_SEARCH_TOOLS` to discover tool slugs and `RUBE_MULTI_EXECUTE_TOOL` to execute them. While this offers flexibility, if `RUBE_SEARCH_TOOLS` can return tool slugs from *any* Composio toolkit (not just `centralstationcrm`) and `RUBE_MULTI_EXECUTE_TOOL` can execute them without strict validation against the skill's intended scope, an attacker could potentially manipulate the LLM to discover and execute tools with capabilities beyond Centralstationcrm automation. This could grant the agent excessive permissions to interact with other integrated systems or perform unintended actions. *Recommendation:* Implement strict scoping for `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL` within the context of this skill. Ensure that only `centralstationcrm` toolkit tools are discoverable and executable. This could involve whitelisting toolkits or slugs, or enforcing a policy at the Rube MCP level based on the skill's manifest. | LLM | SKILL.md:30 |
Full report: https://skillshield.io/report/903fecb36cdb697b
Powered by SkillShield