Security Audit
gemini-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
gemini-automation received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill promotes use of highly privileged tool for bulk operations.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill promotes use of highly privileged tool for bulk operations The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool appears to allow the execution of arbitrary Composio tools and complex workflows, granting broad operational capabilities. While the skill itself doesn't grant permissions, it guides the LLM to leverage a tool with significant power. If the LLM is not properly constrained or if a malicious prompt is provided, this could lead to unintended or harmful actions, such as mass data manipulation or deletion, depending on the scope of the underlying Composio tools. Consider adding explicit warnings or constraints within the skill's description about the powerful nature of `RUBE_REMOTE_WORKBENCH` and the need for careful use. Recommend that the LLM's access to such tools be restricted to specific, pre-approved operations, or that human confirmation is required for 'Bulk ops' or other high-impact actions. | LLM | SKILL.md:76 |
Scan History
Embed Code
[](https://skillshield.io/report/5ad7750e976e9cd0)
Powered by SkillShield