Security Audit
Excel Automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
Excel Automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Reliance on external Rube MCP server for credential management.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Reliance on external Rube MCP server for credential management The skill's documentation explicitly states a requirement for an external 'Rube MCP server' (https://rube.app/mcp) to manage connections for Excel and Google Sheets. This introduces a supply chain risk. The security of this external service and the connection process (`RUBE_MANAGE_CONNECTIONS`) is critical. A compromise of `rube.app` or an insecure connection setup could lead to unauthorized access to user's spreadsheet data and services. Users should verify the security practices of `rube.app` and ensure secure connection management. Skill developers should consider providing alternative, more transparent, or self-hosted credential management options if possible, or clearly document the security implications of using `rube.app`. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/434efb744474f05d)
Powered by SkillShield