Security Audit
emelia-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
emelia-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via RUBE_REMOTE_WORKBENCH The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This suggests the ability to execute arbitrary code or commands within a remote workbench environment. Without proper sandboxing and strict limitations on what `run_composio_tool()` can execute, this could lead to command injection, allowing an attacker to execute malicious code on the underlying system or within the Composio environment. Ensure `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` are strictly sandboxed and only allow execution of predefined, safe operations. Implement robust input validation and authorization checks to prevent arbitrary code execution. Clearly document the security boundaries and capabilities of this tool. | LLM | SKILL.md:66 |
Scan History
Embed Code
[](https://skillshield.io/report/6575500702b418a9)
Powered by SkillShield