Security Audit
gleap-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
gleap-automation received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are Excessive Tool Execution Permissions via Rube MCP and Broad Remote Workbench Access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Excessive Tool Execution Permissions via Rube MCP.** The skill instructs the LLM to use `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` which grant overly broad execution capabilities. `RUBE_MULTI_EXECUTE_TOOL` allows the LLM to dynamically discover and execute *any* Gleap operation available through Rube MCP. `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` further extends this to *any* Composio tool. This means an LLM, if compromised or misused, could perform arbitrary actions within the Gleap system or other Composio-integrated systems, potentially leading to data manipulation, unauthorized access, or service disruption. The skill does not define or enforce any granular restrictions on which specific Gleap or Composio operations can be performed. **Recommendation:** Restrict the scope of operations the LLM can perform. Instead of a generic `RUBE_MULTI_EXECUTE_TOOL`, consider exposing specific, pre-approved Gleap operations as distinct tools. For `RUBE_REMOTE_WORKBENCH`, ensure that the `run_composio_tool()` function is only used for explicitly whitelisted and safe operations, or remove its usage if not strictly necessary. Implement granular access controls at the Rube MCP or Composio platform level to limit the actions an LLM can take, even if it requests a broad operation. | LLM | SKILL.md:49 |
| HIGH | **Broad Remote Workbench Access.** The skill explicitly mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool provides a mechanism for executing arbitrary Composio tools, which can encompass a wide range of functionalities across various integrated services. Granting an LLM the ability to execute any Composio tool via this mechanism represents a significant privilege, as it bypasses specific tool definitions and could allow for unintended or malicious actions if the LLM's instructions are subverted. **Recommendation:** Avoid exposing generic remote workbench execution capabilities to the LLM. If bulk operations are required, define them as specific, narrowly scoped tools with predefined parameters. Ensure that the `run_composio_tool()` function, if used, is strictly limited to a whitelist of safe and necessary operations, and that any arguments passed to it are validated and sanitized to prevent command injection or unauthorized access to other Composio tools. | LLM | SKILL.md:74 |