Security Audit
clearout-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
clearout-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Dynamic Tool Execution Grants Excessive Permissions and Command Injection Risk" and "LLM Interaction with Authentication Links Poses Credential Exposure Risk".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Dynamic Tool Execution Grants Excessive Permissions and Command Injection Risk.** The skill instructs the LLM to dynamically discover and execute tools via `RUBE_SEARCH_TOOLS`, `RUBE_MULTI_EXECUTE_TOOL`, and `RUBE_REMOTE_WORKBENCH`. This pattern allows the LLM to execute arbitrary tools available through the Rube MCP. If a malicious tool is registered or if the underlying Composio tools have vulnerabilities, this could lead to command injection, data exfiltration, or unauthorized actions. The instruction to 'Always search first' means the LLM's capabilities are not fixed but determined at runtime, increasing the attack surface if the Rube MCP or tool definitions are compromised. Implement strict allowlisting for `tool_slug` values that the LLM is permitted to execute. Ensure all tools available via Rube MCP are thoroughly vetted for security vulnerabilities and sandboxed. Implement robust input validation and sanitization for all tool arguments. Consider a human-in-the-loop approval for execution of high-risk tools or operations. | LLM | SKILL.md:50 |
| HIGH | **LLM Interaction with Authentication Links Poses Credential Exposure Risk.** The skill instructs the LLM to 'follow the returned auth link to complete setup' when using `RUBE_MANAGE_CONNECTIONS`. This requires the LLM to process and potentially interact with sensitive authentication URLs. An attacker could craft a malicious auth link or manipulate the LLM into extracting sensitive information (e.g., tokens, session IDs) from a legitimate auth link and exfiltrating it. Avoid instructing the LLM to directly 'follow' or process sensitive authentication links. Instead, delegate this step to a human user or a dedicated, secure service. If LLM interaction is unavoidable, implement strict URL parsing and validation, and ensure the LLM operates within a highly restricted sandbox that prevents exfiltration of URL components. | LLM | SKILL.md:32 |