Security Audit
chatfai-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
chatfai-automation received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection / Excessive Permissions via RUBE_REMOTE_WORKBENCH and Excessive Permissions via RUBE_MULTI_EXECUTE_TOOL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection / Excessive Permissions via RUBE_REMOTE_WORKBENCH. The skill mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. Without further context on the capabilities and sandboxing of `run_composio_tool()`, this tool presents a significant risk. If `run_composio_tool()` allows execution of arbitrary code, shell commands, or access to system resources beyond the intended Chatfai scope, it could lead to command injection, data exfiltration, or other unauthorized actions. The term 'workbench' often implies a powerful, flexible execution environment that could be abused. Recommendations: 1. Clarify the exact capabilities and limitations of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. 2. Ensure `run_composio_tool()` is strictly sandboxed and only allows operations within the intended Chatfai toolkit scope. 3. If it allows arbitrary code execution, this tool should be removed or its usage severely restricted and documented with explicit security warnings. 4. Provide a detailed schema for `RUBE_REMOTE_WORKBENCH` to show what arguments `run_composio_tool()` accepts and what it can do. | LLM | SKILL.md:78 |
| MEDIUM | Excessive Permissions via RUBE_MULTI_EXECUTE_TOOL. The `RUBE_MULTI_EXECUTE_TOOL` is designed to execute any tool discovered by `RUBE_SEARCH_TOOLS`. While the skill intends this for 'Chatfai operations', the tool itself is generic. If `RUBE_SEARCH_TOOLS` can discover tools that are not strictly within the Chatfai toolkit or possess broader system access (e.g., file system, network, other MCPs), then `RUBE_MULTI_EXECUTE_TOOL` could be used to execute unintended or overly privileged operations. This creates an excessive permissions vulnerability where the LLM could be prompted to execute tools beyond the intended scope. Recommendations: 1. Ensure `RUBE_SEARCH_TOOLS` is strictly scoped to only return tools relevant to the `chatfai` toolkit. 2. Implement strict access controls or allow-listing for tools that can be executed by `RUBE_MULTI_EXECUTE_TOOL`. 3. Provide clear documentation on the scope of tools discoverable and executable through this mechanism. | LLM | SKILL.md:53 |