Security Audit
dropcontact-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
dropcontact-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill provides access to generic Rube MCP tools beyond stated scope.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill provides access to generic Rube MCP tools beyond stated scope The skill 'dropcontact-automation' is named and described as automating Dropcontact tasks. However, it exposes generic Rube MCP tools such as `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. These tools allow the execution of any tool available through Rube MCP, not just those specifically related to Dropcontact. This means an LLM using this skill could be prompted to interact with other connected toolkits, leading to excessive permissions beyond the skill's intended scope of 'Dropcontact automation'. Restrict the exposed Rube MCP tools to only those directly related to Dropcontact operations. Alternatively, rename the skill to reflect its broader capability (e.g., 'Rube MCP Automation') and update the description accordingly, making the broader scope explicit to the user. If the intent is truly Dropcontact-only, consider implementing a wrapper that filters `tool_slug` arguments to only allow Dropcontact-specific tools. | LLM | SKILL.md:59 |
Scan History
Embed Code
[](https://skillshield.io/report/9081d42b4a4d9a44)
Powered by SkillShield