Security Audit
esputnik-automation
Source: github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
esputnik-automation received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. The key findings are "Broad tool execution allows potential data exfiltration", "`RUBE_REMOTE_WORKBENCH` may allow arbitrary code execution", and "Unpinned dependency on Rube MCP".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Broad tool execution allows potential data exfiltration.** The skill allows the LLM to execute any tool discovered via `RUBE_SEARCH_TOOLS` using `RUBE_MULTI_EXECUTE_TOOL`. If the underlying Esputnik toolkit contains tools capable of sending data to external services (e.g., email, webhooks, external APIs) and the LLM is prompted to include sensitive user data in the `arguments` parameter, this could lead to data exfiltration. The skill does not restrict which specific Esputnik tools can be called, only that they must be discovered first, which grants broad access to potentially sensitive operations. Recommendation: implement an allowlist or fine-grained access control for the specific Esputnik tools the LLM may execute; review the capabilities of every Esputnik tool exposed via Rube MCP for sensitive operations; design prompts so that sensitive data is not placed in tool arguments unless explicitly required and secured. | LLM | SKILL.md:49 |
| HIGH | **`RUBE_REMOTE_WORKBENCH` may allow arbitrary code execution.** The skill mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for "Bulk ops". The term "workbench" and the function `run_composio_tool()` suggest a powerful interface that could allow arbitrary code execution or command injection within the Rube MCP environment. If user-controlled input can influence the arguments or commands passed to `run_composio_tool()`, it could lead to unauthorized execution of commands or scripts. Recommendation: clarify the exact capabilities and security implications of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`; if it allows arbitrary code execution, restrict its use or enforce strict input validation and sandboxing; provide specific examples of safe usage and of the risks. | LLM | SKILL.md:71 |
| MEDIUM | **Unpinned dependency on Rube MCP.** The skill's manifest declares a dependency on the `rube` MCP (`"requires": {"mcp": ["rube"]}`), but no version or hash is pinned for it. Any version of the `rube` MCP could therefore be used, including a compromised or malicious future version. This is a supply-chain risk: an update to the `rube` MCP could introduce vulnerabilities or malicious behavior without explicit approval or review. Recommendation: pin the required Rube MCP version or a specific hash so that dependency resolution is deterministic, and review and update the pinned version regularly. | LLM | SKILL.md:1 |
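The first finding's recommended control, an allowlist placed between tool discovery and tool execution, can be implemented as a gate that inspects each `RUBE_MULTI_EXECUTE_TOOL` batch before it is forwarded. The example below is added here and is not code from the skill, from SkillShield or from Rube MCP; the batch shape (a list of `{"tool_slug", "arguments"}` entries), the Esputnik tool slugs, the egress keywords and the sample batch are all assumptions made for illustration. Anything not on the allowlist is refused even if `RUBE_SEARCH_TOOLS` discovered it, and an allowlisted tool that can push data to a third party is refused when its arguments carry a secret-looking value.

```python
"""Allowlist gate for RUBE_MULTI_EXECUTE_TOOL batches (added example).

Not part of the esputnik-automation skill or of Rube MCP. The batch shape,
tool slugs and patterns below are assumptions for illustration only.
"""
from __future__ import annotations

import re
from typing import Any, Iterator

# Assumed: the only Esputnik tools the skill actually needs. Anything else
# discovered via RUBE_SEARCH_TOOLS is refused.
ALLOWED_TOOLS = frozenset({
    "ESPUTNIK_GET_CONTACT",
    "ESPUTNIK_CREATE_CONTACT",
    "ESPUTNIK_ADD_CONTACT_TO_GROUP",
    "ESPUTNIK_SEND_EMAIL",  # egress-capable, allowed but argument-checked
})

# Assumed: slugs containing these fragments can deliver data to a third party.
EGRESS_HINTS = re.compile(r"SEND|EMAIL|SMS|WEBHOOK|EXPORT|HTTP", re.I)

# Values that must not be handed to an egress-capable tool.
SENSITIVE_PATTERNS = {
    "secret": re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]"),
    "card_number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "jwt": re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+\b"),
}


def _walk(value: Any, path: str = "$") -> Iterator[tuple[str, str]]:
    """Yield (json_path, string) for every string nested inside the arguments."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from _walk(item, f"{path}.{key}")
    elif isinstance(value, (list, tuple)):
        for idx, item in enumerate(value):
            yield from _walk(item, f"{path}[{idx}]")
    elif isinstance(value, str):
        yield path, value


def scan_arguments(arguments: dict) -> list[tuple[str, str]]:
    """Return (json_path, category) for every sensitive value found."""
    hits: list[tuple[str, str]] = []
    for path, text in _walk(arguments):
        for category, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(text):
                hits.append((path, category))
    return hits


def gate_batch(batch: list[dict]) -> tuple[list[dict], list[dict]]:
    """Split a batch into calls to forward and calls to refuse.

    A call is refused when its slug is not allowlisted, or when the tool is
    egress-capable and its arguments contain a sensitive value. Each refusal
    carries a reason so the caller can log it instead of silently dropping it.
    """
    forward: list[dict] = []
    refused: list[dict] = []
    for call in batch:
        slug = str(call.get("tool_slug", ""))
        args = call.get("arguments") or {}
        if slug not in ALLOWED_TOOLS:
            refused.append({**call, "reason": f"tool {slug!r} not allowlisted"})
            continue
        hits = scan_arguments(args)
        if hits and EGRESS_HINTS.search(slug):
            refused.append({**call, "reason": f"sensitive data {hits} in egress tool"})
            continue
        forward.append(call)
    return forward, refused


# Constructed sample batch, as an LLM might assemble it after tool discovery.
SAMPLE_BATCH = [
    {"tool_slug": "ESPUTNIK_GET_CONTACT",
     "arguments": {"email": "ann@example.com"}},
    {"tool_slug": "ESPUTNIK_SEND_EMAIL",
     "arguments": {"to": "ops@example.com", "body": "api_key=sk_live_123"}},
    {"tool_slug": "ESPUTNIK_DELETE_CONTACTS",
     "arguments": {"ids": [1, 2]}},
    {"tool_slug": "ESPUTNIK_SEND_EMAIL",
     "arguments": {"to": "ann@example.com", "body": "Welcome aboard"}},
]

if __name__ == "__main__":
    allowed, blocked = gate_batch(SAMPLE_BATCH)
    for call in blocked:
        print("REFUSED", call["tool_slug"], "-", call["reason"])
    print("forwarding", [c["tool_slug"] for c in allowed])
```

The gate runs on the MCP client side, in front of the server, so it holds even when the model is prompt-injected into requesting an unexpected tool; the allowlist and the patterns are policy that should be reviewed alongside the skill rather than left to the model.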
Full report: https://skillshield.io/report/76f8c931b0bfd190
Powered by SkillShield