Security Audit
coinranking-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
coinranking-automation received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Potential Prompt Injection in RUBE_SEARCH_TOOLS 'use_case'" and "Broad Rube MCP requirement grants excessive tool access".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Prompt Injection in RUBE_SEARCH_TOOLS 'use_case'.** The skill instructs users to provide natural language input for the 'use_case' parameter in 'RUBE_SEARCH_TOOLS'. This input is likely processed by an underlying LLM within the Rube MCP to determine relevant tools or execution plans. An attacker could craft a malicious 'use_case' string to manipulate the internal LLM's behavior, potentially leading to the selection of unintended tools, altered execution logic, or information disclosure. Implement robust input sanitization and instruction guarding for the 'use_case' parameter within the Rube MCP system. Ensure that user-provided natural language input cannot override or manipulate core system instructions or lead to unintended tool selections. Consider using a separate, constrained input field for specific tool names if direct selection is preferred for sensitive operations. | LLM | SKILL.md:60 |
| MEDIUM | **Broad Rube MCP requirement grants excessive tool access.** The skill's manifest declares a dependency on the entire 'rube' MCP ('"mcp": ["rube"]'). This grants the skill access to all tools exposed by the Rube MCP, not just those specifically related to Coinranking. While the skill's stated purpose is Coinranking automation, this broad permission could allow an attacker to leverage the skill to access or execute other unrelated tools if they are exposed by the Rube MCP. Additionally, the mention of 'RUBE_REMOTE_WORKBENCH' with 'run_composio_tool()' further highlights the potential for executing arbitrary Composio tools. If possible, narrow down the required MCP permissions to only the specific toolkits or functionalities absolutely necessary for the skill (e.g., '{"mcp": ["rube:coinranking"]}' if such granular permissions are supported by Composio). Clearly document the full scope of permissions granted by 'rube' MCP and any potential risks. | LLM | SKILL.md |