Security Audit
detrack-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
detrack-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Broad execution capabilities via RUBE_REMOTE_WORKBENCH".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Broad execution capabilities via RUBE_REMOTE_WORKBENCH.** The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool appears to offer a highly flexible execution environment, potentially allowing the LLM to execute arbitrary Composio tools or functions. If `run_composio_tool()` lacks fine-grained access controls or sandboxing, an LLM could be prompted to perform actions beyond the intended scope of Detrack automation, leading to unauthorized data access, modification, or other malicious activities. **Recommendation:** Implement strict access controls and sandboxing for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure that the LLM's access to these tools is limited to specific, pre-approved Composio tools and arguments, and that any execution is performed within a least-privilege environment. Provide clear documentation on the exact capabilities and limitations of `run_composio_tool()`. | LLM | SKILL.md:69 |