Security Audit
corrently-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
corrently-automation received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include: Unpinned MCP dependency; Potential arbitrary code execution via RUBE_REMOTE_WORKBENCH; Reliance on external MCP for sensitive operations.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| HIGH | Unpinned MCP dependency | The skill's manifest specifies a dependency on the 'rube' MCP without a version constraint. This allows any version of the MCP to be used, which could lead to unexpected behavior, compatibility issues, or the introduction of vulnerabilities if a malicious or buggy version is published. It's a supply chain risk as the skill's behavior is not locked to a known, tested version of its core dependency. Pin the 'rube' MCP dependency to a specific, trusted version or a version range (e.g., `mcp: ["rube@1.2.3"]` or `mcp: ["rube@^1.0.0"]`) in the skill's manifest. | LLM | Manifest |
| HIGH | Potential arbitrary code execution via RUBE_REMOTE_WORKBENCH | The skill mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` as an option for 'Bulk ops'. The term 'workbench' and the ability to 'run_composio_tool()' within it suggest a powerful execution environment that could potentially allow arbitrary code execution or command injection if not properly sandboxed and restricted. Without clear documentation on its security boundaries, this tool poses a significant risk for excessive permissions and potential command injection. Provide clear and explicit documentation on the security boundaries and capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure it operates within a strictly sandboxed environment, does not permit arbitrary code execution, and has limited access to sensitive host resources. If it's intended for advanced users with inherent risks, this should be explicitly stated with warnings. | LLM | SKILL.md:67 |
| MEDIUM | Reliance on external MCP for sensitive operations | The skill delegates all core functionality (tool discovery, connection management, tool execution) to an external Rube MCP, hosted at `https://rube.app/mcp`. While this is a design choice, it introduces a dependency on an external service for potentially sensitive operations. If this external MCP or the underlying Corrently toolkit were compromised or malicious, it could lead to unauthorized data access, modification, or exfiltration through the `RUBE_MULTI_EXECUTE_TOOL` or `RUBE_MANAGE_CONNECTIONS` interfaces. The skill itself acts as a proxy for these operations, making its security contingent on the external service. Users should be made explicitly aware of the trust implications of using external MCPs and the data flows involved. Implement robust monitoring and auditing of interactions with external services. Ensure that the Rube MCP and Corrently toolkit providers adhere to strong security practices and provide transparency regarding their data handling and security measures. | LLM | SKILL.md:20 |