Security Audit
corrently-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
corrently-automation received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection via RUBE_REMOTE_WORKBENCH, Broad Tool Execution via RUBE_MULTI_EXECUTE_TOOL, and Unversioned External Service Dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via RUBE_REMOTE_WORKBENCH.** The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. If `run_composio_tool()` allows arbitrary code execution (e.g., Python `eval`, `exec`, `subprocess` calls) within the remote workbench environment, this presents a significant command injection vulnerability. An attacker could craft inputs to the LLM that lead to malicious code execution on the remote system. Clarify and restrict the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure it operates within a sandboxed, least-privilege environment. Implement strict input validation and whitelisting for commands or scripts executed. | LLM | SKILL.md:60 |
| MEDIUM | **Broad Tool Execution via RUBE_MULTI_EXECUTE_TOOL.** The skill allows the LLM to execute any tool provided by the `corrently` toolkit via `RUBE_MULTI_EXECUTE_TOOL`. The specific capabilities and permissions of the `corrently` toolkit's tools are not defined within this skill's context. If these tools possess broad system access (e.g., file system read/write, arbitrary network requests), this could lead to excessive permissions, allowing an attacker to leverage the LLM to perform unintended actions. Implement a granular permission model for individual tools within the `corrently` toolkit. Ensure that the LLM only has access to the minimum necessary tools and actions required for its intended function. Provide clear documentation of each tool's capabilities and required permissions. | LLM | SKILL.md:45 |
| MEDIUM | **Unversioned External Service Dependencies.** The skill relies on external services, specifically `Rube MCP` (`https://rube.app/mcp`) and the `Composio Corrently toolkit` (`https://composio.dev/toolkits/corrently`). There is no explicit versioning or integrity checking mechanism mentioned for these dependencies. A compromise or malicious update to these upstream services could introduce vulnerabilities or backdoors into the skill's operations without detection. Implement mechanisms to verify the integrity and version of external services or toolkits. Consider using trusted, sandboxed environments for executing external tools. Regularly audit the security posture of third-party dependencies. | LLM | SKILL.md:3 |