Security Audit
hackernews-automation
github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
hackernews-automation received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings: "Ambiguous `RUBE_REMOTE_WORKBENCH` functionality poses command injection risk" and "`RUBE_MULTI_EXECUTE_TOOL` allows execution of any discovered tool, raising excessive permissions concerns".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Ambiguous `RUBE_REMOTE_WORKBENCH` functionality poses command injection risk. The skill mentions `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' using `run_composio_tool()`. The term 'workbench' often implies an environment capable of executing complex or arbitrary code/scripts. If `run_composio_tool()` allows execution of arbitrary commands or scripts, or provides access to an unsandboxed environment, it could be exploited for command injection, arbitrary code execution, or actions beyond the intended scope of Hackernews operations. The lack of specific details about its capabilities is a significant security concern, since an attacker could potentially execute malicious code via crafted inputs to the LLM. Recommendation: provide clear documentation on the security boundaries and capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure it operates within a strictly sandboxed environment and only allows execution of predefined, safe operations. If arbitrary code execution is intended, this must be explicitly stated, justified, and accompanied by robust security controls and warnings. | LLM | SKILL.md:60 |
| MEDIUM | `RUBE_MULTI_EXECUTE_TOOL` allows execution of any discovered tool, raising excessive permissions concerns. The skill instructs the LLM to use `RUBE_MULTI_EXECUTE_TOOL` with `tool_slug` values obtained from `RUBE_SEARCH_TOOLS`. While the skill's context is Hackernews, the `rube` MCP is a general orchestrator. If `RUBE_SEARCH_TOOLS` can discover, and `RUBE_MULTI_EXECUTE_TOOL` can execute, tools that provide access to sensitive system resources (e.g., filesystem, arbitrary network requests, environment variables) beyond the intended scope of Hackernews, this could lead to excessive permissions. An LLM might be prompted to discover and execute such tools, leading to data exfiltration or other unauthorized actions if not properly constrained. Recommendation: implement strict access controls and scope limitations for the `rube` MCP. Ensure that `RUBE_SEARCH_TOOLS` only returns tools relevant and safe for the current skill's context (Hackernews in this case). The LLM should be explicitly instructed or constrained to use only tools within the intended domain. | LLM | SKILL.md:40 |
Full report: https://skillshield.io/report/e67347f1adfe72b4 (Powered by SkillShield)