Security Audit
echtpost-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
echtpost-automation received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Skill enables broad tool execution via Rube MCP" and "Unpinned Rube MCP dependency".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill enables broad tool execution via Rube MCP.** The skill's documentation instructs the LLM to use `RUBE_SEARCH_TOOLS` to discover available tools and `RUBE_MULTI_EXECUTE_TOOL` to execute them. Furthermore, it explicitly mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This design grants the LLM the capability to discover and execute a wide range of tools available through the Rube MCP. If the underlying Rube connection has broad permissions, this could include sensitive operations or access to various external services. This broad access, while intended for automation, poses a significant risk if the LLM is compromised or misused, potentially leading to unauthorized actions or data exfiltration. Implement stricter access controls or allow-lists for the tools an LLM can execute via Rube MCP. Ensure the LLM's execution environment is sandboxed and that any calls to `RUBE_MULTI_EXECUTE_TOOL` or `RUBE_REMOTE_WORKBENCH` are subject to human review or explicit confirmation for sensitive operations. Consider limiting the scope of tools discoverable or executable by the LLM through this skill. | LLM | SKILL.md:70 |
| MEDIUM | **Unpinned Rube MCP dependency.** The skill's manifest specifies a dependency on the 'rube' MCP (`"mcp": ["rube"]`) without a version constraint. This means the skill will always use the latest available version of the Rube MCP. If the Rube MCP provider introduces breaking changes, vulnerabilities, or malicious tools in a future update, the skill would automatically inherit these without explicit review, posing a supply chain risk. This lack of pinning can lead to unexpected behavior or security issues if the upstream dependency changes. Pin the Rube MCP dependency to a specific version or hash in the manifest to ensure deterministic behavior and prevent unexpected changes from upstream. Regularly review and update pinned dependencies to incorporate necessary security fixes and features. | LLM | SKILL.md:2 |