Security Audit
eversign-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
eversign-automation received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH, Excessive Permissions for Eversign Operations, and Unpinned Rube MCP Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH: The skill documentation explicitly mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'workbench' and the function name `run_composio_tool()` strongly suggest a capability to execute arbitrary code or complex scripts within the Rube environment. If an attacker can control the arguments passed to `run_composio_tool()`, they could achieve command injection or arbitrary code execution, leading to data exfiltration, system compromise, or other malicious activities. The documentation does not specify the security boundaries or sandboxing of this tool. Clarify and restrict the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure `run_composio_tool()` is strictly sandboxed and only allows predefined, safe operations. Implement robust input validation and authorization checks for any code execution capabilities. Consider if such a powerful tool is necessary for the skill's intended purpose, or if more granular, restricted tools can be used instead. | Static | SKILL.md:80 |
| MEDIUM | Excessive Permissions for Eversign Operations: The skill grants the agent the ability to perform a wide range of 'Eversign operations' via `RUBE_MULTI_EXECUTE_TOOL`. While this is the intended functionality, if an attacker gains control over the agent's tool calls (e.g., via prompt injection), they could instruct the agent to perform unauthorized actions within Eversign. This could include retrieving sensitive documents, modifying legal agreements, or sending documents to unauthorized recipients, leading to data exfiltration or business process compromise. The skill's design provides broad access to the underlying Eversign API. Implement robust authorization and access control mechanisms for the agent's use of Eversign tools. Ensure that the agent's permissions are least-privilege, only allowing operations strictly necessary for its defined tasks. For highly sensitive operations, consider implementing a human-in-the-loop approval process. | Static | SKILL.md:56 |
| LOW | Unpinned Rube MCP Dependency: The skill's manifest specifies a dependency on the 'rube' MCP but does not pin it to a specific version. This introduces a supply chain risk where updates to the Rube MCP could introduce breaking changes, unexpected behavior, or even security vulnerabilities that the skill is not prepared for. Without a pinned version, the skill's behavior could change unpredictably if the underlying MCP is updated. If possible within the Composio ecosystem, specify a version or version range for the `rube` MCP dependency to ensure stability and control over the environment the skill operates in. Regularly review and test the skill against new MCP versions. | Static | SKILL.md:1 |