Trust Assessment
felt-automation received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are broad execution capabilities via RUBE_REMOTE_WORKBENCH (high) and an unpinned dependency on Rube MCP (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Broad execution capabilities via RUBE_REMOTE_WORKBENCH | LLM | SKILL.md:70 |
| MEDIUM | Unpinned dependency on Rube MCP | LLM | SKILL.md |

HIGH: Broad execution capabilities via RUBE_REMOTE_WORKBENCH (LLM layer, SKILL.md:70)

The skill documentation explicitly mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool suggests the ability to execute arbitrary code or complex operations within a remote workbench environment. Giving an LLM a general-purpose code execution environment grants far more permission than a narrow, purpose-specific tool does and significantly increases the attack surface. If the arguments, or the `run_composio_tool()` call itself, can be influenced by untrusted input (for example, content the model reads while carrying out a task), the workbench becomes a direct command injection path that can lead to data exfiltration, system compromise, or unintended actions.

Remediation:
1. Carefully evaluate whether `RUBE_REMOTE_WORKBENCH` is strictly necessary for the skill's intended purpose.
2. If it is, ensure that every `run_composio_tool()` call strictly validates and sanitizes its inputs so that the workbench cannot be turned into arbitrary code execution.
3. Apply strong sandboxing and least-privilege principles to the remote workbench environment.
4. Give the LLM clear guidance on when and how to use this powerful tool safely, emphasizing input validation and security considerations.

MEDIUM: Unpinned dependency on Rube MCP (LLM layer, SKILL.md)

The skill manifest declares a dependency on the 'rube' MCP without a version constraint, so the skill may run against any version of Rube MCP, including a future version that introduces a vulnerability or an older version with known exploits. This is a supply chain risk: the behavior and security posture of the underlying MCP can change without explicit control, potentially leading to unexpected behavior or security vulnerabilities.

Remediation: pin the Rube MCP dependency to a specific, known-good version (e.g., `rube@1.2.3`) or, where some drift is acceptable, a bounded range (e.g., `rube@^1.0.0`) in the skill's manifest. Note that a caret range still admits new minor and patch releases, so only an exact pin (ideally backed by a lockfile or content hash) gives reproducible behavior.
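One way to enforce remediation steps 1 to 3 of the HIGH finding in code is an allowlist gate between the model and the remote tool runner: only declared tool slugs with schema-validated arguments are forwarded, and anything else (the general-purpose workbench included) is denied. This is an added example, not SkillShield's analysis output or the felt-automation skill's own code. The tool slugs `MAPS_LIST` and `MAPS_RENAME` and their argument schemas are hypothetical, and `run_composio_tool` is stood in for by a local function with an assumed `(tool, args)` signature; the real Rube MCP interface may differ.

```python
"""Least-privilege gate in front of a general-purpose remote tool runner.

Added example, not SkillShield's or the felt-automation skill's code.
Assumptions: the sink is a function run_composio_tool(tool_slug, args);
the tool slugs (MAPS_LIST, MAPS_RENAME) and their argument schemas are
hypothetical. The real Rube MCP interface may differ.
"""
import re
from typing import Any, Callable, Dict, Tuple


class ToolPolicyError(Exception):
    """Raised when a tool call is outside the skill's declared needs."""


# Argument validators: each returns True only for values we are willing
# to forward. Keep them narrow; a model-chosen value is untrusted input.
def is_id(value: Any) -> bool:
    return isinstance(value, str) and re.fullmatch(r"[A-Za-z0-9_-]{1,64}", value) is not None


def is_short_text(value: Any) -> bool:
    # Single line, bounded length, no control characters.
    return (
        isinstance(value, str)
        and 0 < len(value) <= 200
        and re.search(r"[\x00-\x1f\x7f]", value) is None
    )


def is_small_int(value: Any) -> bool:
    return isinstance(value, int) and not isinstance(value, bool) and 0 <= value <= 1000


# Allowlist: tool slug -> {argument: (validator, required)}. A slug that is
# not listed here (RUBE_REMOTE_WORKBENCH included) is denied outright, which
# is how "strictly necessary" from the finding becomes an enforced rule.
Schema = Dict[str, Tuple[Callable[[Any], bool], bool]]
ALLOWED_TOOLS: Dict[str, Schema] = {
    "MAPS_LIST": {"limit": (is_small_int, False)},
    "MAPS_RENAME": {"map_id": (is_id, True), "name": (is_short_text, True)},
}


def check_tool_call(tool: str, args: Dict[str, Any]) -> Dict[str, Any]:
    """Return a sanitized copy of args if the call is permitted, else raise."""
    schema = ALLOWED_TOOLS.get(tool)
    if schema is None:
        raise ToolPolicyError(f"tool {tool!r} is not on the allowlist")
    unknown = sorted(set(args) - set(schema))
    if unknown:
        raise ToolPolicyError(f"{tool}: unexpected arguments {unknown}")
    clean: Dict[str, Any] = {}
    for name, (validate, required) in schema.items():
        if name not in args:
            if required:
                raise ToolPolicyError(f"{tool}: missing required argument {name!r}")
            continue
        if not validate(args[name]):
            raise ToolPolicyError(f"{tool}: argument {name!r} failed validation")
        clean[name] = args[name]
    return clean


def is_permitted(tool: str, args: Dict[str, Any]) -> bool:
    """True if check_tool_call would accept the call (handy for policy tests)."""
    try:
        check_tool_call(tool, args)
        return True
    except ToolPolicyError:
        return False


def run_composio_tool(tool: str, args: Dict[str, Any]) -> Dict[str, Any]:
    """Stand-in for the real remote call (assumed signature, no network)."""
    return {"tool": tool, "args": args, "status": "ok"}


def guarded_run(tool: str, args: Dict[str, Any]) -> Dict[str, Any]:
    """The only path the agent should have to the remote tool runner."""
    return run_composio_tool(tool, check_tool_call(tool, args))


if __name__ == "__main__":
    print(guarded_run("MAPS_LIST", {"limit": 10}))
    try:
        # A prompt-injected request for the general-purpose workbench is refused.
        guarded_run("RUBE_REMOTE_WORKBENCH", {"code": "import os; os.system('id')"})
    except ToolPolicyError as exc:
        print("denied:", exc)
```

The gate never passes the model's argument dictionary through untouched: unknown keys are rejected rather than dropped, so a smuggled `code` or `command` field fails loudly, and the sanitized copy is the only thing the sink ever sees. Sandboxing the workbench itself (step 3) remains necessary for any tool that does legitimately need it; this gate only keeps the model from reaching it at all.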
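The MEDIUM finding is the kind of check that can run in CI before a skill is published: parse the manifest's MCP dependencies and classify each as unpinned, ranged, or exactly pinned. The following is an added example, not SkillShield's code. The manifest layout (a JSON document with a top-level `mcp` list of `name[@spec]` strings), the sample entries, and the severity mapping (MEDIUM for no constraint, matching the page's finding; LOW for a range) are constructed for illustration; adapt the loader to the real manifest format.

```python
"""Audit MCP dependency declarations in a skill manifest for version pinning.

Added example, not SkillShield's code. The manifest schema below (a JSON
object with an "mcp" list of "name[@spec]" strings) is hypothetical, and
the sample manifest is constructed for this demonstration.
"""
import json
import re
from typing import Dict, List, Optional, Tuple

# Full semver (optionally with pre-release/build suffix) counts as an exact pin.
SEMVER = re.compile(r"\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?")
# "name" or "name@spec"; the spec is everything after the first "@".
DEP = re.compile(r"^(?P<name>[A-Za-z0-9._-]+)(?:@(?P<spec>.+))?$")

# Constructed sample: one unpinned, one caret range, two exact pins.
SAMPLE_MANIFEST = json.dumps({
    "name": "felt-automation",
    "mcp": ["rube", "filesystem@^1.0.0", "search@2.3.1", "git@1.4.0"],
})

# This example's own severity mapping; an exact pin produces no finding.
SEVERITY: Dict[str, Optional[str]] = {"unpinned": "MEDIUM", "range": "LOW", "exact": None}


def parse_dependency(entry: str) -> Tuple[str, Optional[str]]:
    """Split 'name@spec' into (name, spec); spec is None when absent."""
    match = DEP.match(entry.strip())
    if not match:
        raise ValueError(f"malformed dependency entry: {entry!r}")
    return match.group("name"), match.group("spec")


def classify_spec(spec: Optional[str]) -> str:
    """'unpinned' (no real constraint), 'exact' (full semver), or 'range'."""
    if not spec or spec.strip() in ("*", "latest"):
        # "*" and "latest" look like constraints but resolve to whatever is newest.
        return "unpinned"
    if SEMVER.fullmatch(spec.strip()):
        return "exact"
    # ^1.0.0, ~1.2, >=1 <2, 1.x and similar: floats within some bound.
    return "range"


def audit_manifest(manifest_json: str) -> List[Dict[str, str]]:
    """Return one finding per MCP dependency that is not exactly pinned."""
    manifest = json.loads(manifest_json)
    findings: List[Dict[str, str]] = []
    for entry in manifest.get("mcp", []):
        name, spec = parse_dependency(entry)
        kind = classify_spec(spec)
        severity = SEVERITY[kind]
        if severity is None:
            continue
        findings.append({
            "severity": severity,
            "dependency": name,
            "spec": spec or "(none)",
            "kind": kind,
            "fix": f"pin to an exact known-good version, e.g. {name}@X.Y.Z",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(f"{finding['severity']:6} {finding['dependency']}@{finding['spec']}: {finding['fix']}")
```

Treating `*` and `latest` as unpinned rather than as a range is deliberate: they are constraints in syntax only. The caret entry is reported at a lower severity because it bounds the major version, but it still lets the MCP change under the skill between runs, which is why the remediation above prefers an exact version.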
Embed Code
[SkillShield report for felt-automation](https://skillshield.io/report/9c423ef4e2e4d8ae)
Powered by SkillShield