Security Audit
deadline-funnel-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
deadline-funnel-automation received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Tool Permissions via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive Tool Permissions via RUBE_REMOTE_WORKBENCH The skill explicitly instructs the agent to use `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' and mentions `run_composio_tool()`. This suggests the agent is granted access to a generic execution environment capable of running arbitrary Composio tools. Depending on the underlying Composio tool capabilities, this could allow for broad operations beyond the scope of 'Deadline Funnel automation', potentially including file system access, arbitrary network requests, or shell command execution, leading to excessive permissions for the agent. Review the necessity of exposing `RUBE_REMOTE_WORKBENCH` for this skill. If required, ensure that the underlying `run_composio_tool()` function is strictly sandboxed and only permits operations relevant to Deadline Funnel, or that the agent is explicitly constrained from using it for unintended purposes. Consider removing this capability if it's not essential for the skill's core function. | LLM | SKILL.md:68 |
Scan History
Embed Code
[](https://skillshield.io/report/3099158748ab1e3f)
Powered by SkillShield