Security Audit
enigma-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
enigma-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Unpinned and dynamically loaded external MCP dependency" and "Broad tool execution capabilities via Rube MCP".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Unpinned and dynamically loaded external MCP dependency.** The skill relies on an external, unversioned MCP server (`https://rube.app/mcp`) for all its functionality. Tool schemas and execution logic are dynamically fetched at runtime via `RUBE_SEARCH_TOOLS` and `RUBE_GET_TOOL_SCHEMAS`. This means the actual code executed by the agent is not static within the skill package but is loaded from a third-party service. A compromise or malicious update to `rube.app` could lead to arbitrary code execution, data exfiltration, or other severe security breaches without any changes to the skill package itself. There is no mechanism to pin the version of the Rube MCP or the `enigma` toolkit, making it highly vulnerable to supply chain attacks. **Recommendation:** Implement version pinning for the Rube MCP and the `enigma` toolkit. Consider hosting critical tools locally or using a trusted, verified registry. Implement integrity checks for dynamically loaded schemas and execution plans. | LLM | SKILL.md:19 |
| HIGH | **Broad tool execution capabilities via Rube MCP.** The skill grants the LLM access to `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` which can execute any tool exposed by the `enigma` toolkit through the Rube MCP. The scope of 'Enigma operations' is not defined or restricted within the skill, meaning the LLM could be prompted to perform a wide range of actions, including potentially destructive or sensitive operations, depending on the capabilities of the underlying `enigma` tools. The `RUBE_REMOTE_WORKBENCH` is particularly concerning as its name implies a general-purpose execution environment, which could be misused for arbitrary code execution or system manipulation. **Recommendation:** Restrict the set of `enigma` tools that the LLM can access through the Rube MCP to only those strictly necessary for the skill's intended purpose. Implement fine-grained access controls for specific tool actions. Provide clear documentation of the exact capabilities and potential impact of each exposed tool. | LLM | SKILL.md:50 |