Security Audit
finerworks-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
finerworks-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill grants broad access to Finerworks operations via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill grants broad access to Finerworks operations via Rube MCP The skill's primary function is to automate Finerworks tasks by leveraging Rube MCP tools. Specifically, `RUBE_MULTI_EXECUTE_TOOL` allows the LLM to execute any Finerworks operation discovered through `RUBE_SEARCH_TOOLS`. This design grants the AI agent broad, unconstrained access to the connected Finerworks account's functionalities. While this is the intended operational scope, it means a compromised or misdirected LLM could perform a wide array of actions (e.g., create, read, update, delete data) within Finerworks without further granular permission checks at the skill level. Implement more granular access control mechanisms within the Rube MCP integration or the Finerworks API itself, if possible, to restrict the specific Finerworks operations an LLM can perform. Consider requiring explicit user confirmation for sensitive operations. Ensure robust logging and auditing of all actions performed through this skill. | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/90124498e870c04f)
Powered by SkillShield