Security Audit

gleap-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 99e2a2951545

CAUTION

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

gleap-automation received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unpinned external Multi-Capability Provider (MCP) endpoint, Use of powerful `RUBE_REMOTE_WORKBENCH` tool with potential for arbitrary code execution.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

70%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

2 findings

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Unpinned external Multi-Capability Provider (MCP) endpoint The skill instructs the agent to configure an external Rube MCP endpoint at `https://rube.app/mcp`. This endpoint is unversioned, meaning any changes or compromises to the `rube.app` service could directly impact the security and functionality of the skill without explicit version control. This introduces a supply chain risk, as a malicious update to the MCP could lead to arbitrary code execution or data exfiltration. Implement a mechanism to validate the integrity of the MCP endpoint or use a versioned endpoint if available. Consider hosting critical MCPs internally or using trusted, version-controlled package managers.	Static	SKILL.md:18
HIGH	Use of powerful `RUBE_REMOTE_WORKBENCH` tool with potential for arbitrary code execution The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'workbench' and the generic `run_composio_tool()` function suggest a powerful execution environment that could potentially allow arbitrary code execution or shell commands if not properly sandboxed. This grants excessive permissions to the agent and poses a command injection risk if malicious inputs can be passed to `run_composio_tool()`. Clarify the exact capabilities and limitations of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure that `run_composio_tool()` is strictly sandboxed and does not allow arbitrary code execution or access to sensitive system resources. If it does, restrict its usage or provide clear warnings about its power and potential for misuse.	Static	SKILL.md:70

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/93b78e844ef4d673.svg)](https://skillshield.io/report/93b78e844ef4d673)