Security Audit
docsbot-ai-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
docsbot-ai-automation received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are that the skill enables broad arbitrary tool execution via Rube MCP and that it has an unpinned dependency on the external Rube MCP service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill enables broad arbitrary tool execution via Rube MCP. The skill leverages Rube MCP tools such as `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. These tools are designed to execute arbitrary operations and tools discovered through `RUBE_SEARCH_TOOLS`. While this is their intended functionality, it grants the AI agent extremely broad permissions to interact with external services and perform actions. An attacker who can manipulate the agent's prompts or the `RUBE_SEARCH_TOOLS` output could use this skill to execute a wide range of unauthorized operations, potentially leading to data manipulation, service disruption, or further compromise. Remediation: implement stricter access controls or validation mechanisms within the agent's execution environment to limit the scope of actions `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` can perform; ensure that tool execution is always confirmed by the user or constrained by a predefined allowlist of operations; consider sandboxing the execution environment for such powerful tools. | LLM | SKILL.md:59 |
| HIGH | Unpinned dependency on external Rube MCP service. The skill relies on the Rube MCP service (`https://rube.app/mcp`), as indicated by the manifest `{"requires": {"mcp": ["rube"]}}` and the setup instructions. No version pinning or integrity verification mechanism is specified for the Rube MCP endpoint or the tools it provides. If the `rube.app` service were compromised or changed its behavior to serve malicious tool schemas or execution logic, any agent using this skill would be exposed to arbitrary command execution, data exfiltration, or other attacks without explicit user consent or warning. Remediation: pin the version or specific configuration of the Rube MCP service, for example by specifying a hash of the expected tool schemas, using a trusted proxy, or requiring explicit versioning from the MCP provider; regularly audit the external service for changes or compromises and validate tool schemas before execution. | LLM | SKILL.md:27 |
Full report: https://skillshield.io/report/62b2afeaf6b43a80