Security Audit
dictionary-api-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
dictionary-api-automation received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Broad tool execution via RUBE_MULTI_EXECUTE_TOOL" and "RUBE_REMOTE_WORKBENCH implies general-purpose execution".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | RUBE_REMOTE_WORKBENCH implies general-purpose execution. The skill mentions `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' using `run_composio_tool()`. The term 'workbench' and the generic `run_composio_tool()` function suggest a powerful, potentially unconstrained execution environment. If this tool allows arbitrary code execution or access to system resources beyond the intended `dictionary_api` scope, it represents a significant security risk, enabling data exfiltration, command injection, or other malicious activities. The skill does not provide any explicit sandboxing or scope limitations for this tool. Recommendation: Clarify and strictly limit the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` to only perform operations relevant to the Dictionary API, or remove this tool if its broad capabilities are not strictly necessary and securely sandboxed. Provide explicit documentation on its security implications and how its scope is enforced. | LLM | SKILL.md:80 |
| MEDIUM | Broad tool execution via RUBE_MULTI_EXECUTE_TOOL. The skill instructs the agent to use `RUBE_MULTI_EXECUTE_TOOL` with a `tool_slug` derived from `RUBE_SEARCH_TOOLS`. While `RUBE_SEARCH_TOOLS` is scoped to 'Dictionary API operations', the `RUBE_MULTI_EXECUTE_TOOL` itself does not enforce this scope. An attacker could potentially craft a prompt to the LLM to provide a `tool_slug` for a different, more privileged toolkit or operation if the LLM is aware of such tools, leading to unintended actions beyond the Dictionary API scope. The skill relies on the LLM's adherence to the 'search first' instruction rather than technical enforcement. Recommendation: Implement stricter validation or allow-listing of `tool_slug` values within the `RUBE_MULTI_EXECUTE_TOOL` call or the Rube MCP itself, ensuring only slugs from the intended `dictionary_api` toolkit can be executed. Alternatively, the skill definition could explicitly constrain the `tool_slug` parameter to a predefined list of safe Dictionary API operations. | LLM | SKILL.md:56 |