Security Audit
clearout-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
clearout-automation received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Broad Tool Access via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Broad Tool Access via Rube MCP The skill documentation describes how to use `RUBE_SEARCH_TOOLS` to discover all available Clearout tools and `RUBE_MULTI_EXECUTE_TOOL` to execute any of them. It also mentions `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' and `run_composio_tool()`. This design grants the LLM access to the full range of operations exposed by the Clearout toolkit through Rube MCP, without explicit restrictions within the skill itself. If the Clearout toolkit includes highly sensitive operations (e.g., data deletion, account modification, or arbitrary code execution via `run_composio_tool()`), an attacker could potentially prompt the LLM to execute these operations, leading to unintended consequences or data manipulation. Implement fine-grained access control within the Rube MCP or Clearout toolkit to restrict which specific tools or operations the agent can perform. Alternatively, the skill could be designed to only expose a subset of safe operations, or require explicit user confirmation for sensitive actions. | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/21671b8173b18630)
Powered by SkillShield