Security Audit
circleci-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
circleci-automation received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are Excessive Write and Read Permissions to CI/CD System and Unpinned Dependency in Skill Manifest.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Write and Read Permissions to CI/CD System: The skill grants broad write access to the CircleCI CI/CD system via `CIRCLECI_TRIGGER_PIPELINE`, allowing the agent to initiate new builds, deployments, or other arbitrary CI/CD processes. This capability, if misused or compromised, could lead to arbitrary code execution within the CI/CD environment, deployment of malicious code, or resource exhaustion. Additionally, the skill allows retrieval of potentially sensitive build artifacts via `CIRCLECI_GET_JOB_ARTIFACTS`, which could expose secrets, source code, or other confidential data if the agent is compromised and instructed to exfiltrate them. Recommendation: Implement strict access controls and authorization checks for the agent's use of this skill. Consider if the agent truly requires the ability to trigger pipelines or retrieve all artifacts, or if a more granular, read-only, or approval-gated access model is appropriate. Ensure the underlying CircleCI connection has the principle of least privilege applied. | Static | SKILL.md:35 |
| MEDIUM | Unpinned Dependency in Skill Manifest: The skill's manifest specifies a dependency on 'rube' without a pinned version (`'rube'` instead of `'rube==X.Y.Z'`). This means that any new version of the 'rube' package could be used, potentially introducing breaking changes, vulnerabilities, or even malicious code if the package maintainer's repository is compromised. This constitutes a supply chain risk. Recommendation: Pin the 'rube' dependency to a specific, known-good version (e.g., `"rube==1.2.3"`) to ensure deterministic builds and prevent unexpected changes or vulnerabilities from being introduced through dependency updates. Regularly review and update pinned dependencies. | Static | Manifest:3 |