Security Audit

fitbit-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 27904475d127

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

fitbit-automation received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Broad access to Fitbit API via RUBE_MULTI_EXECUTE_TOOL, Powerful RUBE_REMOTE_WORKBENCH tool grants broad execution capabilities.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Shell Execution

2 findings

Dynamic Code

2 findings

Excessive Permissions

2 findings

Security Findings2

Severity	Finding	Layer	Location
HIGH	Broad access to Fitbit API via RUBE_MULTI_EXECUTE_TOOL The skill instructs the agent to use `RUBE_MULTI_EXECUTE_TOOL` with dynamically discovered tool slugs and arguments. This grants the agent the ability to execute any operation available through the Fitbit API via the Rube MCP, including reading sensitive health data, logging activities, and managing account settings. While necessary for the skill's stated purpose of 'Automate Fitbit tasks', this represents a broad attack surface. A compromised agent could be instructed by a malicious user to perform unauthorized or data-exfiltrating operations on the user's Fitbit account. Implement fine-grained access control within the Rube MCP or the agent's policy layer to restrict the specific Fitbit operations an agent can perform, or require explicit user confirmation for sensitive actions. Ensure the agent's internal reasoning prevents arbitrary execution based on untrusted user input.	LLM	SKILL.md:57
HIGH	Powerful RUBE_REMOTE_WORKBENCH tool grants broad execution capabilities The skill mentions `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' with `run_composio_tool()`. Workbenches typically provide a flexible environment for complex, multi-step operations, potentially including scripting or chaining of tools. This tool, if not properly sandboxed or restricted, could allow for arbitrary execution of commands or complex logic within the Rube MCP environment, leading to excessive permissions and potential command injection if a malicious payload is passed to it. The skill does not provide details on the exact capabilities or security model of `RUBE_REMOTE_WORKBENCH`, making its broad inclusion a significant risk. Provide clear documentation on the security implications and sandboxing of `RUBE_REMOTE_WORKBENCH`. If possible, restrict its use or require explicit user consent for operations executed through it. Implement strict input validation and sanitization for any arguments passed to `run_composio_tool()` within the workbench to mitigate command injection risks.	LLM	SKILL.md:79

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/62aaae72d4e9b05e.svg)](https://skillshield.io/report/62aaae72d4e9b05e)