Security Audit
cloudflare-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
cloudflare-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad Cloudflare Automation Capabilities.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Broad Cloudflare Automation Capabilities The skill enables an AI agent to automate a wide range of Cloudflare operations through the Rube MCP. While the specific permissions are determined by the user's Cloudflare connection to Rube MCP, the skill itself provides the mechanism for the LLM to access and potentially control critical Cloudflare services (e.g., DNS, security, access management). This broad access, if not carefully managed by the LLM's internal reasoning and user prompts, poses a significant risk for unintended or malicious actions, including data modification, service disruption, or security misconfigurations. Implement strict access controls and least privilege principles for the Cloudflare API key connected to Rube MCP. Ensure the LLM's internal safety mechanisms and prompt engineering limit its ability to perform destructive or overly broad actions without explicit user confirmation. Consider breaking down the skill into more granular sub-skills with narrower scopes if possible, or requiring explicit user approval for high-impact operations. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/b5205d2e6399955d)
Powered by SkillShield