Security Audit
genderize-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
genderize-automation received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill exposes broad tool execution via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill exposes broad tool execution via RUBE_REMOTE_WORKBENCH The skill is named 'genderize-automation' and its description focuses on Genderize tasks. However, it exposes the `RUBE_REMOTE_WORKBENCH` tool for 'Bulk ops' which uses `run_composio_tool()`. The documentation does not explicitly state that `run_composio_tool()` is limited to Genderize-specific operations. If `run_composio_tool()` can execute arbitrary Composio tools from other toolkits (e.g., filesystem, network), this skill grants excessive permissions beyond its declared scope, potentially allowing an LLM to perform actions unrelated to Genderize. Clarify in the skill's documentation that `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` are strictly scoped to Genderize operations, or ensure the underlying Rube MCP system enforces this scope. If broader access is intended, the skill's name and description should be updated to reflect this. | LLM | SKILL.md:69 |
Scan History
Embed Code
[](https://skillshield.io/report/9fd41b050bf5fc4f)
Powered by SkillShield