Security Audit
finage-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
finage-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is broad tool execution capability via `RUBE_MULTI_EXECUTE_TOOL`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Broad tool execution capability via `RUBE_MULTI_EXECUTE_TOOL`: The skill instructs the LLM to use `RUBE_MULTI_EXECUTE_TOOL`, which can execute any tool slug discovered via `RUBE_SEARCH_TOOLS`. This grants the LLM broad access to all functionalities exposed by the Finage toolkit through Rube MCP. While intended for 'Finage operations', an attacker could potentially craft prompts to execute unintended or sensitive Finage operations if the underlying Finage toolkit exposes such functionalities (e.g., data deletion, modification of critical settings). The skill does not implement any explicit whitelisting or restriction on which specific Finage tools can be executed. Recommendation: Implement stricter access controls or a whitelist of allowed Finage tool slugs if only a subset of operations is intended. Ensure the Finage toolkit itself adheres to the principle of least privilege and that `RUBE_SEARCH_TOOLS` does not expose tools that should not be accessible to the LLM. | LLM | SKILL.md:59 |