Security Audit
conveyor-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
conveyor-automation received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Prompt Injection via RUBE_SEARCH_TOOLS use_case parameter, Broad tool execution capability via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Prompt Injection via RUBE_SEARCH_TOOLS use_case parameter. The skill documentation instructs the agent to pass user-provided input as the `use_case` parameter to `RUBE_SEARCH_TOOLS`. If the Rube MCP backend uses an LLM to process this `use_case` for tool discovery, a malicious user could inject prompts to manipulate the backend LLM's behavior, potentially leading to unexpected tool suggestions or actions, or even unintended tool executions if the LLM's output is directly used to select or configure tools. Recommendation: implement robust input sanitization and validation for the `use_case` parameter within the Rube MCP tool. If `use_case` is fed to an LLM, employ prompt engineering techniques (e.g., few-shot examples, delimiters) to isolate user input and prevent manipulation. Consider restricting the complexity or content of `use_case` inputs. | LLM | SKILL.md:43 |
| MEDIUM | Broad tool execution capability via RUBE_REMOTE_WORKBENCH. The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. While the skill is named `conveyor-automation`, `run_composio_tool()` suggests the ability to execute *any* tool available through Composio, not just those specific to Conveyor. This could grant the agent broader permissions than intended, potentially allowing access to other integrated systems or functionalities if a malicious prompt induces the agent to use this tool for non-Conveyor operations. Recommendation: clarify the scope of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If it is intended to be limited to Conveyor tools, enforce this restriction within the tool's implementation or provide guidance on how to limit its use. If it is truly for any Composio tool, ensure the skill's description accurately reflects this broad capability and that users are aware of the full scope of permissions granted. | LLM | SKILL.md:70 |
Full report: https://skillshield.io/report/f3156533202230c9
Powered by SkillShield