Security Audit
gift-up-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
gift-up-automation received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Potential for arbitrary code execution via RUBE_REMOTE_WORKBENCH, Agent can manage sensitive connections and authentication, Dependency on external Rube MCP platform introduces supply chain risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential for arbitrary code execution via RUBE_REMOTE_WORKBENCH. The skill exposes the `RUBE_REMOTE_WORKBENCH` tool, which includes a `run_composio_tool()` function. This suggests the capability to execute arbitrary code or operations within the Composio/Rube environment. If an attacker can manipulate the arguments passed to `run_composio_tool()`, they could potentially execute unintended commands, access unauthorized resources, or perform actions beyond the scope of Gift Up automation. The documentation does not specify sandboxing or limitations for this tool, posing a significant command injection and excessive permissions risk. Recommendation: implement strict input validation and sandboxing for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure that the agent can only call specific, pre-approved tools and arguments, and cannot execute arbitrary code. Limit the scope of operations available through this workbench. | LLM | SKILL.md:64 |
| MEDIUM | Agent can manage sensitive connections and authentication. The skill grants the agent access to `RUBE_MANAGE_CONNECTIONS`, which allows managing connections for the `gift_up` toolkit and involves an 'auth link to complete setup'. An agent with this capability could potentially create new connections, modify existing ones, or initiate authentication flows. This could lead to unauthorized access to Gift Up accounts or other connected services if the agent is compromised or misused, or if it's prompted to expose the authentication link/token, leading to excessive permissions and potential credential harvesting. Recommendation: restrict the agent's ability to call `RUBE_MANAGE_CONNECTIONS` to only necessary scenarios, or implement strict human-in-the-loop approval for connection modifications or new connection establishments. Ensure that authentication links/tokens are never exposed to the agent or logged. | LLM | SKILL.md:27 |
| LOW | Dependency on external Rube MCP platform introduces supply chain risk. The skill is entirely dependent on the Rube MCP (Multi-Cloud Platform) for its functionality, as indicated by `{"requires": {"mcp": ["rube"]}}` in the manifest and the extensive use of Rube tools. The Rube MCP is an external service (`https://rube.app/mcp`). A compromise of the Rube MCP infrastructure or its provided tools could directly impact the security and integrity of this skill and any operations it performs. While not a direct vulnerability in the skill's code, it represents a significant external dependency risk. Recommendation: implement robust monitoring of the Rube MCP's security posture and any updates. Consider implementing circuit breakers or kill switches for the skill if the Rube MCP becomes unavailable or compromised. Understand the security model and trust boundaries of the Rube MCP. | LLM | SKILL.md |
Scan History
Powered by SkillShield