Security Audit

google-address-validation-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 99e2a2951545

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

google-address-validation-automation received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.

SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 1 medium, and 1 low severity. Key findings include Excessive Permissions via Generic Tool Execution, Unpinned Dependency in Manifest.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

91%

Behavioral Risk Signals

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
MEDIUM	Excessive Permissions via Generic Tool Execution The skill's manifest and description state its purpose is to 'Automate Google Address Validation tasks'. However, it relies on generic Rube MCP tools like `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. These tools are capable of interacting with and executing operations across any toolkit available through Rube MCP, not just `google_address_validation`. While the provided examples focus on the intended use case, the skill itself does not implement explicit guardrails to restrict the scope of `RUBE_MULTI_EXECUTE_TOOL` to only Google Address Validation tools. An attacker could potentially craft a prompt that causes the LLM to search for and execute tools from other Rube toolkits, leading to unintended actions or access beyond the skill's stated purpose. Implement explicit checks or configurations within the skill's logic (if possible within the Claude Code ecosystem) to ensure that `RUBE_MULTI_EXECUTE_TOOL` can only execute tools belonging to the `google_address_validation` toolkit. Alternatively, if the platform allows, define more granular permissions for the skill to only access the `google_address_validation` toolkit within Rube MCP.	LLM	SKILL.md:50
LOW	Unpinned Dependency in Manifest The skill's manifest specifies a dependency on `rube` within the `mcp` category (`'mcp': ['rube']`). This dependency is unversioned, meaning any version of the `rube` MCP could be used. This introduces a supply chain risk, as future versions of `rube` could introduce breaking changes, vulnerabilities, or even malicious code without the skill author's explicit approval or testing. Pinning dependencies to specific versions or ranges is a best practice for security and reproducibility. Specify a version constraint for the `rube` dependency in the manifest (e.g., `'mcp': ['rube==1.2.3']` or `'mcp': ['rube>=1.0.0,<2.0.0']`) to ensure stability and mitigate risks from unexpected changes in future versions.	LLM	SKILL.md:3

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/94250d332465480a.svg)](https://skillshield.io/report/94250d332465480a)