Security Audit
eventzilla-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
eventzilla-automation received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Broad Tool Execution Capabilities via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Broad Tool Execution Capabilities via Rube MCP The skill leverages `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` to perform Eventzilla operations. These Rube MCP tools are generic execution mechanisms that allow the skill to invoke any Eventzilla tool exposed by Composio/Rube. This grants the skill broad access to potentially all Eventzilla functionalities, including sensitive actions like data modification or deletion, without explicit scope limitation within the skill's definition. While this is the intended purpose of an automation skill, it represents a significant permission scope that could be misused if not properly constrained by the orchestrating LLM or user. Implement granular access control within the Rube MCP configuration or the orchestrating LLM to limit the specific Eventzilla operations that can be performed by this skill. If possible, define a more constrained set of required Rube tools in the skill's manifest rather than relying on generic execution. | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/19db72a3a32c5aa8)
Powered by SkillShield