Security Audit
hypeauditor-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
hypeauditor-automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are that `RUBE_REMOTE_WORKBENCH` implies arbitrary code execution and that `RUBE_MULTI_EXECUTE_TOOL` allows execution of any discovered tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | `RUBE_REMOTE_WORKBENCH` implies arbitrary code execution. The skill documentation explicitly mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for "Bulk ops". This suggests a capability to execute arbitrary code or complex operations within the Rube environment. If an attacker can manipulate the arguments passed to `run_composio_tool()`, it could lead to command injection or execution of unintended functions with broad permissions. The scope and safety mechanisms of `run_composio_tool()` are not defined, making it a high-risk entry point for an AI agent to be prompted into executing malicious commands. Clarify and restrict the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure that `run_composio_tool()` only executes a predefined, safe set of operations and that its arguments are strictly validated and sanitized. If it allows arbitrary code, it should be removed or heavily sandboxed. | LLM | SKILL.md:77 |
| MEDIUM | `RUBE_MULTI_EXECUTE_TOOL` allows execution of any discovered tool. The skill instructs the agent to use `RUBE_SEARCH_TOOLS` to discover available tools and then `RUBE_MULTI_EXECUTE_TOOL` to execute them using `TOOL_SLUG_FROM_SEARCH`. While the skill is for "Hypeauditor Automation," there is no explicit restriction that `RUBE_SEARCH_TOOLS` will *only* return Hypeauditor tools, or that `RUBE_MULTI_EXECUTE_TOOL` will *only* execute Hypeauditor tools. An attacker could craft a prompt to make the agent search for and execute tools from other, potentially more privileged or unrelated toolkits available via Rube, leading to actions outside the intended scope of this skill. Implement explicit filtering or validation within the agent's logic to ensure that `RUBE_MULTI_EXECUTE_TOOL` is only used with tool slugs belonging to the `hypeauditor` toolkit, or other explicitly allowed toolkits. The `RUBE_SEARCH_TOOLS` query could also be made more specific to `hypeauditor` tools. | LLM | SKILL.md:49 |