Security Audit
genderize-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
genderize-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill grants broad Rube MCP access beyond stated purpose.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill grants broad Rube MCP access beyond stated purpose The skill's manifest requests access to the entire Rube MCP (`mcp: ["rube"]`), which provides a wide range of tools and capabilities across various Composio toolkits. While the skill's name ("genderize-automation") and documentation focus on Genderize operations, the granted permissions allow the LLM to interact with any Rube-managed toolkit or perform general operations via `RUBE_MULTI_EXECUTE_TOOL` or `RUBE_REMOTE_WORKBENCH`, potentially exceeding the intended scope of a Genderize-specific skill. Restrict Rube MCP access to only the specific tools or toolkits required for Genderize operations, if possible. For example, if Rube allows granular toolkit permissions, specify `mcp: ["rube:genderize"]` or similar. If granular permissions are not available, clearly document the broader capabilities and potential implications of the full Rube MCP access in the skill's description. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/de92d214d159c1cb)
Powered by SkillShield