Security Audit
formdesk-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
formdesk-automation received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are "Excessive Permissions via Dynamic Tool Discovery and Execution" and "Unpinned Dependency on External MCP and Dynamic Tool Schemas".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Permissions via Dynamic Tool Discovery and Execution: The skill is designed to dynamically discover and execute any Formdesk operation available through the Rube MCP. It explicitly instructs the LLM to use `RUBE_SEARCH_TOOLS` to find 'current tool schemas' and then `RUBE_MULTI_EXECUTE_TOOL` to execute 'discovered tool slugs'. This pattern grants the LLM (and by extension, the user interacting with the LLM) broad, unconstrained access to all functionalities exposed by the Formdesk toolkit via Rube MCP, without any explicit whitelisting or scope limitation within the skill definition itself. This could lead to unauthorized or unintended operations if the LLM misinterprets a user's request or if the underlying Formdesk connection has overly permissive access. Implement fine-grained access control within the skill by explicitly whitelisting allowed Formdesk operations or categories. If dynamic discovery is necessary, introduce an approval step or a human-in-the-loop mechanism before executing potentially sensitive operations. Ensure the underlying Formdesk connection used by Rube MCP adheres to the principle of least privilege. | LLM | SKILL.md:39 |
| HIGH | Unpinned Dependency on External MCP and Dynamic Tool Schemas: The skill has a critical, unversioned dependency on the Rube MCP hosted at `https://rube.app/mcp`. It instructs the LLM to dynamically retrieve 'current tool schemas' using `RUBE_SEARCH_TOOLS`. This means the skill's behavior and security posture are entirely dependent on the external `rube.app` service and its dynamically changing tool definitions. There is no mechanism to pin the version of the Rube MCP or its tools, making the skill vulnerable to supply chain attacks, unexpected changes, or introduction of malicious functionalities by the `rube.app` provider without explicit review or update by the skill developer. If possible, use a versioned or pinned dependency for the Rube MCP. Implement a mechanism to validate or whitelist tool schemas retrieved from `RUBE_SEARCH_TOOLS` before execution. Regularly audit the `rube.app` service and its provided tools for security vulnerabilities and changes. | LLM | SKILL.md:28 |