Security Audit
discordbot-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
discordbot-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive Permissions via RUBE_REMOTE_WORKBENCH The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool's description is vague but implies powerful capabilities, potentially allowing the execution of arbitrary Composio tools or operations beyond the stated scope of 'Discordbot automation'. If `run_composio_tool()` can execute commands or tools not intended for the skill, it grants excessive permissions and could lead to unauthorized actions or command injection. Clarify and restrict the scope of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure it can only execute Discordbot-specific operations and that arguments are strictly validated. If it allows arbitrary code execution, it should be removed or heavily sandboxed. | LLM | SKILL.md:73 |
Scan History
Embed Code
[](https://skillshield.io/report/54e1059b43e7aa74)
Powered by SkillShield