Security Audit
findymail-automation
Source: github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
findymail-automation received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection via RUBE_REMOTE_WORKBENCH, Broad access to Rube MCP tools, Reliance on external Rube MCP server introduces supply chain risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown / Behavioral Risk Signals (charts not included in this extract; per-layer summary is given in the Trust Assessment above)
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via RUBE_REMOTE_WORKBENCH: The skill grants access to the `RUBE_REMOTE_WORKBENCH` tool via the Rube MCP. The description 'Bulk ops' and the mention of `run_composio_tool()` strongly suggest that this tool can execute arbitrary operations or code within a remote environment. If `run_composio_tool()` allows unconstrained execution, or if its arguments are not properly sanitized, it could be exploited for command injection, leading to unauthorized code execution, data exfiltration, or system compromise. Recommendation: thoroughly review the capabilities and sandboxing of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`; ensure that `run_composio_tool()` is strictly limited in its execution scope and that all inputs are rigorously validated and sanitized. If this skill only requires specific Findymail operations, consider whether `RUBE_REMOTE_WORKBENCH` is truly necessary or whether more granular permissions can be requested from the Rube MCP. | LLM | SKILL.md:76 |
| MEDIUM | Broad access to Rube MCP tools: The skill's manifest requests access to the entire `rube` MCP (`"mcp": ["rube"]`). This grants the skill access to all tools exposed by the Rube MCP, not just those related to Findymail. If the Rube MCP exposes tools with sensitive capabilities beyond the intended scope of Findymail automation, the skill holds excessive permissions and can perform actions it does not strictly require. Recommendation: if possible, request granular permissions for the specific Rube tools needed rather than the entire MCP; document which Rube tools are required for Findymail automation and justify their necessity, following the principle of least privilege. | LLM | SKILL.md:1 |
| MEDIUM | Reliance on external Rube MCP server introduces supply chain risk: The skill instructs users to add `https://rube.app/mcp` as an external MCP server. Relying on an external, potentially third-party, MCP introduces a supply chain risk: a compromise of the `rube.app` domain or the MCP server could deliver malicious tools, altered tool schemas, or unauthorized code execution, impacting the agent's security and operations. Recommendation: implement robust vetting processes for external MCPs and their providers; consider mirroring or caching critical external dependencies where possible to mitigate upstream compromise; continuously monitor the health and security posture of `rube.app` and its associated services. | LLM | SKILL.md:24 |
[Full report on SkillShield](https://skillshield.io/report/d2b5ed75b6cc6924)