Security Audit
fidel-api-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
fidel-api-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH The skill's documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'workbench' and the generic `run_composio_tool()` function suggest a powerful, potentially unconstrained execution environment. Without explicit limitations on what `run_composio_tool()` can execute within this workbench, there is a significant risk of arbitrary code execution or shell command injection, leading to excessive permissions and potential system compromise if the environment is not strictly sandboxed. Clarify the exact capabilities and limitations of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If it allows arbitrary code execution, ensure it operates within a strictly sandboxed environment with minimal permissions. If not, explicitly state the allowed operations and the scope of execution to prevent misuse and ensure it's limited to intended Composio tool interactions. | Static | SKILL.md:69 |
Scan History
Embed Code
[](https://skillshield.io/report/e65898b65a4e2683)
Powered by SkillShield