Security Audit

crowdin-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 27904475d127

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

crowdin-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad tool execution via RUBE_REMOTE_WORKBENCH.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Broad tool execution via RUBE_REMOTE_WORKBENCH The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This suggests the ability to execute arbitrary Composio tools, potentially extending the skill's capabilities beyond Crowdin-specific operations. If `run_composio_tool()` can invoke any Composio tool, it grants the skill access to a much broader set of functionalities and potentially sensitive systems than implied by its 'crowdin-automation' name. This could lead to unintended actions or privilege escalation if the underlying Composio tools have broad permissions. Clarify the scope of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If it allows execution of any Composio tool, consider restricting its capabilities for this specific skill to only Crowdin-related tools, or explicitly document the broader permissions and their implications. Implement strict access controls and sandboxing for `RUBE_REMOTE_WORKBENCH` to prevent unintended access to non-Crowdin functionalities.	LLM	SKILL.md:80

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/11cadb5db0175eb4.svg)](https://skillshield.io/report/11cadb5db0175eb4)