Security Audit
hyperbrowser-automation
Source: github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
hyperbrowser-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via RUBE_REMOTE_WORKBENCH, Broad Tool Execution Capabilities via Rube MCP, User-controlled input in RUBE_SEARCH_TOOLS 'use_case' parameter.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Potential Command Injection via RUBE_REMOTE_WORKBENCH | The skill exposes `RUBE_REMOTE_WORKBENCH`, which allows `run_composio_tool()`. This function implies the ability to execute arbitrary Composio tools. If the arguments passed to `run_composio_tool()` are derived from untrusted user input and are not rigorously sanitized by the Rube MCP system or the underlying Composio tools, an attacker could inject malicious commands or code. This could lead to arbitrary code execution within the environment where Composio tools operate. | Implement strict input validation and sanitization for all arguments passed to `run_composio_tool()` within the Rube MCP system. Ensure that the Composio tools themselves are designed to prevent command injection. Consider restricting the set of tools available via `RUBE_REMOTE_WORKBENCH` or requiring explicit user confirmation for sensitive operations. | LLM | SKILL.md:79 |
| HIGH | Broad Tool Execution Capabilities via Rube MCP | The skill instructs the LLM to use `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` to perform 'Hyperbrowser operations' and 'Bulk ops' by executing various Composio tools. The `SKILL.md` does not define the scope or specific permissions of these underlying tools. This grants the LLM (and by extension, a malicious user) broad capabilities to execute potentially powerful operations without clear restrictions. If the Hyperbrowser/Composio tools have access to sensitive system resources (e.g., filesystem, network, other applications), this broad access could be exploited. | Clearly define and restrict the scope of operations that can be performed by Hyperbrowser/Composio tools exposed through Rube MCP. Implement a granular permission model for tool execution. Ensure that the LLM's access to these tools is limited to only what is necessary for its intended function, and that sensitive operations require explicit user confirmation or additional authentication. | LLM | SKILL.md:77 |
| MEDIUM | User-controlled input in RUBE_SEARCH_TOOLS 'use_case' parameter | The skill instructs the LLM to use `RUBE_SEARCH_TOOLS` with a `use_case` parameter, which is directly derived from user input (e.g., 'your specific Hyperbrowser task'). If the Rube MCP system uses this `use_case` string in a prompt to another LLM (e.g., for tool discovery or recommendation) without proper sanitization or isolation, a malicious user could craft a prompt injection attack. This could manipulate the behavior of the downstream LLM, leading to unintended actions or information disclosure. | Ensure that the `use_case` parameter is strictly sanitized and isolated when used in any downstream LLM prompts or system commands. Implement robust input validation to prevent malicious prompt fragments. Consider using a separate, isolated LLM call for interpreting user queries for tool search, or using a fixed set of allowed `use_case` values. | LLM | SKILL.md:39 |
Full report: https://skillshield.io/report/6b3a7ab8ed7602a8