Security Audit
docugenerate-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
docugenerate-automation received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions via Generic Tool Execution, Excessive Permissions via Remote Workbench Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Permissions via Generic Tool Execution. The skill instructs the LLM to use `RUBE_MULTI_EXECUTE_TOOL`, a generic mechanism for executing tools from the 'docugenerate' toolkit. The skill does not define any specific scope, whitelist, or sandboxing for the `tool_slug` or `arguments` that can be passed to this tool. This grants the LLM broad and potentially excessive permissions to interact with the Docugenerate system. If the underlying 'docugenerate' toolkit contains tools capable of sensitive operations (e.g., arbitrary file access, data modification, or network requests), this could lead to unauthorized data access, modification, or execution of sensitive operations. Recommendation: implement strict access control and sandboxing for Rube MCP tools. The skill should specify a whitelist of allowed tool slugs or restrict the types of arguments that can be passed to `RUBE_MULTI_EXECUTE_TOOL`. Ensure the underlying 'docugenerate' toolkit operates with the principle of least privilege and that its tools are adequately sandboxed. | LLM | SKILL.md:59 |
| HIGH | Excessive Permissions via Remote Workbench Execution. The skill explicitly mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` as an approach for 'Bulk ops'. This mechanism implies the ability to execute arbitrary Composio tools remotely. If `run_composio_tool()` is not adequately sandboxed or restricted, it could allow the LLM to trigger arbitrary commands, access sensitive data, or perform unauthorized actions on the host system or integrated services. This presents a credible exploit path for command injection or data exfiltration if the underlying Composio tools have broad system access. Recommendation: implement strict access control and sandboxing for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. The skill should define and enforce a limited set of allowed operations or explicitly state that `run_composio_tool()` is sandboxed and cannot perform arbitrary system commands or access unauthorized resources. Ensure the underlying Composio platform enforces least privilege for executed tools. | LLM | SKILL.md:86 |
Full report: https://skillshield.io/report/e912740d62f01138
Powered by SkillShield