Security Audit
getform-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
getform-automation received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential for arbitrary code execution and data access via RUBE_REMOTE_WORKBENCH, Dynamic execution of potentially broad tools via RUBE_MULTI_EXECUTE_TOOL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential for arbitrary code execution and data access via RUBE_REMOTE_WORKBENCH. The skill's documentation advertises the use of `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' with `run_composio_tool()`. The term 'workbench' and the function name `run_composio_tool()` strongly imply that this tool provides an environment for executing arbitrary code or complex operations. This capability, if not strictly sandboxed and controlled, could allow an attacker (e.g., through prompt injection or by manipulating the Rube MCP) to execute arbitrary commands, access sensitive files, or exfiltrate data from the agent's environment or connected systems. The skill itself does not define the scope or security boundaries of this 'workbench' environment. Recommendation: clarify the exact capabilities and security boundaries of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure it operates within a strictly sandboxed environment with minimal necessary permissions. If it allows arbitrary code execution, this should be explicitly stated and justified, with strong warnings about its use and guidance on how to mitigate risks. Consider whether such a powerful tool is necessary for the skill's stated purpose. | LLM | SKILL.md:69 |
| MEDIUM | Dynamic execution of potentially broad tools via RUBE_MULTI_EXECUTE_TOOL. The skill instructs the agent to dynamically discover tools using `RUBE_SEARCH_TOOLS` and then execute them via `RUBE_MULTI_EXECUTE_TOOL`. This pattern means the agent's operational capabilities are dictated by an external service (`rube.app/mcp`). If the Rube MCP or the `RUBE_SEARCH_TOOLS` response is compromised or manipulated, it could instruct the agent to execute tools with excessive permissions, leading to unintended actions, data exfiltration, or command injection. The skill explicitly warns against hardcoding tool slugs, reinforcing this dynamic execution pattern, which increases reliance on the external service's integrity. Recommendation: implement strong validation and sanitization of tool slugs and arguments returned by `RUBE_SEARCH_TOOLS`. Ensure that the agent only executes tools from a trusted whitelist or that have been thoroughly vetted. Provide clear documentation on the security implications of dynamically executing tools from an external source and the measures taken to secure the Rube MCP. | LLM | SKILL.md:54 |
Full report: https://skillshield.io/report/1fcd6d63a859c7f2