Security Audit

googlesuper-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 27904475d127

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

googlesuper-automation received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned dependency in manifest, Potentially excessive permissions via 'RUBE_REMOTE_WORKBENCH'.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Potentially excessive permissions via 'RUBE_REMOTE_WORKBENCH' The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'workbench' and the generic function `run_composio_tool()` suggest a potentially broad and less constrained execution environment compared to `RUBE_MULTI_EXECUTE_TOOL` which explicitly uses schema-compliant arguments. If `RUBE_REMOTE_WORKBENCH` allows arbitrary code execution, shell commands, or unvalidated script execution, it poses a significant command injection and excessive permissions risk, allowing an attacker to execute arbitrary commands on the host system or within the agent's environment. Clarify and strictly define the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure it only allows execution of pre-approved, sandboxed, and schema-validated Composio tools. If arbitrary code execution is possible, implement strong sandboxing, input validation, and privilege separation to mitigate command injection risks. Consider if this broad capability is truly necessary for the skill's intended function.	LLM	SKILL.md:68
MEDIUM	Unpinned dependency in manifest The skill manifest specifies a dependency on 'rube' MCP without a version constraint. This can lead to supply chain risks where updates to the 'rube' MCP could introduce vulnerabilities, breaking changes, or malicious code without the skill author's explicit approval or awareness. It's best practice to pin dependencies to specific versions or ranges. Pin the 'rube' MCP dependency to a specific version or a version range in the manifest's 'requires' section to ensure consistent and secure behavior.	LLM	SKILL.md:4

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/8bbd9dd4fc088a5b.svg)](https://skillshield.io/report/8bbd9dd4fc088a5b)