Security Audit
customjs-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
customjs-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Broad Tool Execution via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Broad Tool Execution via RUBE_REMOTE_WORKBENCH The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool appears to offer a broad and potentially less constrained execution environment for Composio tools. An attacker could potentially craft a prompt that leads the LLM to use this powerful tool to perform a wide range of unauthorized actions or complex operations beyond the intended scope of specific Customjs tasks, increasing the attack surface. Consider if `RUBE_REMOTE_WORKBENCH` is strictly necessary for the skill's stated purpose. If so, provide clear guidelines or constraints within the skill's instructions on its safe and intended use. Ensure the underlying `run_composio_tool()` is properly sandboxed and has granular permission controls to prevent unintended or malicious use. | LLM | SKILL.md:69 |
Scan History
Embed Code
[](https://skillshield.io/report/4d985436a1e81058)
Powered by SkillShield