Security Audit
elorus-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
elorus-automation received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Excessive Permissions via RUBE_REMOTE_WORKBENCH The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'workbench' typically implies an environment capable of executing arbitrary code or scripts, and `run_composio_tool()` suggests the ability to invoke underlying system functionalities. If this tool allows arbitrary code execution or broad system access, it grants excessive permissions to the agent, creating a critical command injection vulnerability and potential for unauthorized actions or data exfiltration if the agent is compromised or misused. Clarify the exact capabilities and limitations of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If it allows arbitrary code execution, implement strict sandboxing, input validation, and access controls. Consider if such broad access is truly necessary for the skill's intended purpose. If not, restrict its functionality. Document the security implications and mitigation strategies for users. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/0384451a916f12b5)
Powered by SkillShield