Security Audit
composio-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
composio-automation received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Dynamic Tool Execution with Potential for Excessive Permissions, Potential for Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Potential for Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH | The skill mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'workbench' often implies a flexible execution environment, and `run_composio_tool()` suggests a generic runner for Composio tools. If `run_composio_tool()` allows the execution of arbitrary code or commands within the Composio environment, or if it can invoke Composio tools that themselves have such capabilities, this could lead to command injection or arbitrary code execution. This could bypass security controls, compromise the host system, or lead to sensitive data exposure. The skill does not define the exact capabilities of `run_composio_tool()`, but its generic nature and the 'workbench' context raise a significant security concern. | Clarify the exact capabilities and security implications of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If it allows arbitrary code execution or access to sensitive system resources, it should be restricted or removed. Implement strict input validation and sandboxing for any code executed via this mechanism. Ensure that the LLM is not instructed to pass untrusted input directly to `run_composio_tool()` without proper sanitization and validation. | LLM | SKILL.md:87 |
| MEDIUM | Dynamic Tool Execution with Potential for Excessive Permissions | The skill instructs the LLM to dynamically discover available tools via `RUBE_SEARCH_TOOLS` and subsequently execute them using `RUBE_MULTI_EXECUTE_TOOL` with `tool_slug: "TOOL_SLUG_FROM_SEARCH"`. This pattern allows the LLM to invoke any tool provided by the Composio toolkit. If the Composio toolkit includes tools with broad system access (e.g., file system manipulation, arbitrary network requests, or sensitive data access), the LLM could be guided to perform operations with excessive permissions, potentially leading to data loss, unauthorized access, or system compromise. The skill itself does not define the specific capabilities or permissions of these dynamically discovered tools. | Ensure that the Composio toolkit, when integrated with Rube MCP, provides granular permission controls for individual tools. Implement strict sandboxing and least-privilege principles for all Composio tools. The LLM should be explicitly instructed to only use tools with the minimum necessary permissions for the task. Consider implementing a mechanism to review or approve tool execution for sensitive operations, especially when tools are dynamically discovered. | LLM | SKILL.md:39 |
Scan History
Full report: https://skillshield.io/report/de7b9a3b8b892a84 (powered by SkillShield)