Security Audit
conversion-tools-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
conversion-tools-automation received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unversioned External MCP Dependency, Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH, Ambiguous Handling of Authentication Links.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unversioned External MCP Dependency The skill relies on an external Managed Control Plane (MCP) named 'Rube' located at `https://rube.app/mcp`. There is no version pinning or integrity checking mechanism specified for this dependency or the 'Conversion Tools' toolkit it provides. A compromise of the Rube MCP or its hosted tools could lead to the execution of malicious code, data exfiltration, or other security breaches when the LLM uses the `RUBE_*` tools. Implement version pinning or integrity checks for the Rube MCP and its toolkits. Ensure the Rube MCP provider has robust security practices and a clear incident response plan. Consider sandboxing the execution environment for tools provided by external MCPs. | LLM | SKILL.md:1 | |
| HIGH | Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH The skill mentions `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' using `run_composio_tool()`. The term 'workbench' and the general nature of 'bulk operations' suggest that this tool might allow for the execution of arbitrary code or highly privileged operations. If `run_composio_tool()` can be supplied with user-controlled or malicious code/arguments, it could lead to command injection on the host system or within the Rube MCP environment, granting excessive permissions. The skill does not provide examples or constraints for its usage, making its capabilities unclear and potentially dangerous. Provide clear documentation and examples for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`, detailing their exact capabilities and any security restrictions. Ensure that `run_composio_tool()` cannot execute arbitrary code or commands, and that its operations are strictly sandboxed and limited to its intended function. If arbitrary code execution is intended, it must be explicitly acknowledged and secured with strong isolation. | LLM | SKILL.md:70 | |
| MEDIUM | Ambiguous Handling of Authentication Links The skill instructs the LLM to 'follow the returned auth link to complete setup' for `RUBE_MANAGE_CONNECTIONS`. Without clear guidelines on how the LLM should securely process or interact with such links (e.g., ensuring it's not exposed, redirected, or processed in an insecure manner), there's a risk of credential harvesting or data exfiltration. A malicious or compromised auth link could trick the LLM into exposing sensitive tokens or redirecting to an attacker-controlled site. Provide explicit instructions on how the LLM should securely handle authentication links, such as only opening them in a secure, sandboxed browser environment, or ensuring they are never exposed or transmitted. Clarify that the LLM should not attempt to parse or extract sensitive information from the URL itself unless explicitly instructed and validated. | LLM | SKILL.md:26 |
Scan History
Embed Code
[](https://skillshield.io/report/cbaee35543e0ef03)
Powered by SkillShield