Security Audit
givebutter-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
givebutter-automation received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Excessive Permissions via Broad Tool Access, Unpinned Supply Chain Dependency, and Indirect Credential Harvesting Vector via External Auth Link.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Permissions via Broad Tool Access: The skill instructs the LLM to use highly permissive tools like `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. `RUBE_MULTI_EXECUTE_TOOL` allows execution of any tool discovered via `RUBE_SEARCH_TOOLS`, and `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` implies arbitrary tool execution. This grants the LLM broad capabilities to interact with Givebutter (and potentially other systems) without fine-grained control, increasing the risk of unauthorized actions if the LLM is prompted maliciously. Recommendation: Implement stricter access controls or a more granular tool interface. Instead of a generic 'multi-execute' tool, consider exposing specific, limited-scope tools for common operations. Ensure the underlying Rube MCP enforces least privilege and robust authorization for all tool executions. | LLM | SKILL.md:56 |
| HIGH | Unpinned Supply Chain Dependency: The skill relies on 'Rube MCP' from `https://rube.app/mcp` as a core dependency, as indicated by the manifest (`'requires': {'mcp': ['rube']}`) and the skill documentation. There is no version pinning specified for this dependency. This introduces a supply chain risk, as changes or malicious updates to the `rube.app` service could directly impact the skill's functionality and security without explicit user or developer review. Recommendation: Specify a pinned version or a version range for the `rube` MCP dependency in the manifest or configuration. Regularly audit external dependencies and their update mechanisms to mitigate risks from unannounced changes or compromises. | LLM | SKILL.md:19 |
| MEDIUM | Indirect Credential Harvesting Vector via External Auth Link: The skill's setup instructions direct the user to 'follow the returned auth link to complete setup' if the Givebutter connection is not active. While the skill itself does not perform credential harvesting, it acts as a conduit to an external authentication process. If the Rube MCP service or the auth link generation process were compromised, a malicious link could be presented to the user, leading to credential harvesting or phishing. The skill implicitly trusts the external service to provide a legitimate and secure authentication flow. Recommendation: Advise users to verify the authenticity of any authentication links provided by external services. Implement mechanisms within the Rube MCP to validate and secure authentication redirects. Consider adding warnings or checks within the skill's interaction flow to alert users to suspicious links. | LLM | SKILL.md:24 |