Security Audit
feathery-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
feathery-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include "Remote Workbench allows arbitrary code execution", "Excessive permissions for managing external connections", and "User-controlled input in tool arguments may lead to injection".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Remote Workbench allows arbitrary code execution. The skill exposes `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`. The term 'workbench' and the function `run_composio_tool()` strongly imply the ability to execute arbitrary code or commands within a remote environment. This could lead to command injection, data exfiltration, or system compromise if not properly sandboxed and restricted. Clarify the exact capabilities and security boundaries of `RUBE_REMOTE_WORKBENCH`. Ensure it operates within a strictly sandboxed environment with minimal permissions. Implement robust input validation and restrict the types of operations that can be performed. Consider if this tool is truly necessary for the skill's intended purpose. | LLM | SKILL.md:78 |
| HIGH | Excessive permissions for managing external connections. The skill grants access to `RUBE_MANAGE_CONNECTIONS`, which allows an agent to manage (check status, potentially establish or disconnect) connections to external services like Feathery. This is a sensitive capability. A compromised agent could potentially disrupt legitimate connections or establish malicious ones, leading to unauthorized access or denial of service. Implement strict access controls and auditing for `RUBE_MANAGE_CONNECTIONS`. Ensure that agents can only manage connections they are explicitly authorized for, and that sensitive connection details are never exposed directly. Consider if the agent truly needs to *manage* connections, or just *verify* their status. | LLM | SKILL.md:24 |
| MEDIUM | User-controlled input in tool arguments may lead to injection. The skill instructs the agent to pass user-controlled input into `use_case` fields for `RUBE_SEARCH_TOOLS` and `arguments` for `RUBE_MULTI_EXECUTE_TOOL`. If the Rube MCP system or the underlying Feathery toolkit processes these inputs without robust sanitization, it could be vulnerable to prompt injection (if passed to an LLM) or command injection (if used in system commands or interpreted code). The `SKILL.md` itself doesn't perform the injection, but describes a pattern that enables it. Ensure that all user-provided inputs passed to Rube MCP tools (e.g., `use_case`, `arguments`) are thoroughly validated and sanitized by the Rube MCP system before being processed by any LLM or executed as commands. Implement strict schemas and type checking. | LLM | SKILL.md:49 |
| LOW | Connection to external MCP server from untrusted source. The skill instructs the client to add `https://rube.app/mcp` as an MCP server. While `rube.app` is associated with Composio, relying on an instruction from an untrusted skill package to connect to an external service introduces a supply chain risk. If the skill package were compromised, this URL could be swapped for a malicious one, leading to connection to an attacker-controlled server. Implement a whitelist or strict validation for allowed MCP server URLs. Do not automatically trust URLs provided within untrusted skill packages. Users should manually verify and approve external server connections. | LLM | SKILL.md:30 |