Security Audit
helcim-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
helcim-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The single finding is the potential for arbitrary tool execution via `RUBE_REMOTE_WORKBENCH`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential for arbitrary tool execution via `RUBE_REMOTE_WORKBENCH` | LLM | SKILL.md:70 |

Description: The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for "Bulk ops", which suggests a powerful capability to execute Composio tools. If `run_composio_tool()` accepts arbitrary tool slugs and arguments, or permits arbitrary code execution, a malicious prompt could use it to perform unauthorized actions within Helcim or on the underlying system unless the call path is properly sandboxed. In that case the skill would grant the agent more permission than its documented use requires.

Recommendation: Clarify the exact capabilities and limitations of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure that `run_composio_tool()` is strictly sandboxed and only executes explicitly permitted, safe operations, preventing arbitrary code execution and access to sensitive system resources. Implement strict input validation and authorization checks for every argument passed to `run_composio_tool()`.
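The recommendation above (allow only explicitly permitted operations, validate every argument, check authorization before dispatch) is concrete enough to show in code. The following is an added example written for this report, not code from the helcim-automation skill, Composio or SkillShield. It assumes a hypothetical dispatcher with the shape `run_composio_tool(slug, args)`; the tool slugs, argument shapes, refund cap and `fake_backend` are all constructed for the example and are not Composio's real API. The gate is deny-by-default: a slug that is not on the allow-list, an argument name the rule does not know, or a value that fails its validator is refused before anything reaches the backend.

```python
"""Deny-by-default gate in front of a run_composio_tool()-style dispatcher.

Hypothetical names throughout: the tool slugs, argument shapes and backend
are constructed for this example and are not Composio's real API.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Any, Callable


class ToolPolicyError(PermissionError):
    """Raised when a call is refused by policy; the backend is never invoked."""


@dataclass(frozen=True)
class ToolRule:
    """Per-slug contract: which arguments are permitted and how each is checked."""
    slug: str
    required: dict[str, Callable[[Any], bool]]
    optional: dict[str, Callable[[Any], bool]] = field(default_factory=dict)
    read_only: bool = True  # mutating tools additionally need actor_can_write


def _is_id(v: Any) -> bool:
    # Opaque identifiers: short, printable, no path or shell metacharacters.
    return isinstance(v, str) and re.fullmatch(r"[A-Za-z0-9_-]{1,64}", v) is not None


def _is_small_int(v: Any) -> bool:
    return isinstance(v, int) and not isinstance(v, bool) and 1 <= v <= 100


def _is_amount(v: Any) -> bool:
    # Hypothetical business limit: an agent-initiated refund is capped at 10,000.
    return isinstance(v, (int, float)) and not isinstance(v, bool) and 0 < v <= 10_000


# Allow-list of hypothetical slugs. Anything not listed here is refused.
ALLOWED_TOOLS: dict[str, ToolRule] = {
    r.slug: r
    for r in (
        ToolRule("HELCIM_LIST_CUSTOMERS", required={}, optional={"limit": _is_small_int}),
        ToolRule("HELCIM_GET_INVOICE", required={"invoice_id": _is_id}),
        ToolRule("HELCIM_CREATE_REFUND",
                 required={"transaction_id": _is_id, "amount": _is_amount},
                 read_only=False),
    )
}


def validate_call(slug: str, args: Any, *, actor_can_write: bool = False) -> dict[str, Any]:
    """Return a sanitized copy of args, or raise ToolPolicyError.

    Order of checks: slug on the allow-list, write permission for mutating
    tools, args is a mapping, no unknown keys, no missing required keys, every
    value passes its validator. Unknown keys are rejected rather than dropped
    so a prompt cannot smuggle extra parameters past the reviewed schema.
    """
    rule = ALLOWED_TOOLS.get(slug)
    if rule is None:
        raise ToolPolicyError(f"tool {slug!r} is not on the allow-list")
    if not rule.read_only and not actor_can_write:
        raise ToolPolicyError(f"tool {slug!r} mutates state; caller lacks write permission")
    if not isinstance(args, dict):
        raise ToolPolicyError("arguments must be a JSON object")
    known = {**rule.required, **rule.optional}
    unknown = set(args) - set(known)
    if unknown:
        raise ToolPolicyError(f"unexpected arguments for {slug!r}: {sorted(unknown)}")
    missing = set(rule.required) - set(args)
    if missing:
        raise ToolPolicyError(f"missing required arguments for {slug!r}: {sorted(missing)}")
    for name, value in args.items():
        if not known[name](value):
            raise ToolPolicyError(f"argument {name!r} failed validation for {slug!r}")
    return dict(args)


def guarded_run(slug: str, args: Any, *, backend: Callable[[str, dict[str, Any]], Any],
                actor_can_write: bool = False, audit: list | None = None) -> Any:
    """Validate, then dispatch to `backend` (the real run_composio_tool in production)."""
    clean = validate_call(slug, args, actor_can_write=actor_can_write)
    if audit is not None:
        audit.append((slug, clean))  # record exactly what was executed
    return backend(slug, clean)


def fake_backend(slug: str, args: dict[str, Any]) -> dict[str, Any]:
    """Constructed stand-in for run_composio_tool(); echoes the call back."""
    return {"tool": slug, "args": args, "status": "ok"}


def refused(slug: str, args: Any, **kw: Any) -> str | None:
    """Return the refusal message for a call, or None if policy allows it."""
    try:
        validate_call(slug, args, **kw)
    except ToolPolicyError as e:
        return str(e)
    return None


if __name__ == "__main__":
    log: list = []
    print(guarded_run("HELCIM_LIST_CUSTOMERS", {"limit": 10}, backend=fake_backend, audit=log))
    for call in (
        ("RUBE_REMOTE_WORKBENCH", {"code": "import os; os.system('id')"}),
        ("HELCIM_CREATE_REFUND", {"transaction_id": "txn_1", "amount": 25.0}),
        ("HELCIM_GET_INVOICE", {"invoice_id": "../../etc/passwd"}),
    ):
        print(call[0], "->", refused(*call))
```

The point the example makes beyond the finding text: the authorization decision (`read_only` plus `actor_can_write`) is separate from argument validation, so a prompt that talks the model into calling a refund tool still fails unless the calling context, not the model, carries write permission; and the audit list records only calls that were actually dispatched, which is what an incident responder needs when reconstructing what the agent did.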
Full report: https://skillshield.io/report/08751b9426efd264
Powered by SkillShield