Security Audit
hystruct-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
hystruct-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad Tool Execution via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Broad Tool Execution via Rube MCP The skill instructs the LLM on how to use `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`. These tools allow the LLM to execute arbitrary Composio tools via the Rube MCP. This grants overly broad tool access, enabling the LLM to perform a wide range of operations that might not be strictly necessary for Hystruct automation, potentially leading to unintended actions or misuse if the underlying Composio tools have sensitive capabilities. Restrict the scope of tools available through Rube MCP to only those strictly necessary for Hystruct automation. Implement fine-grained access control within Rube MCP to limit which specific Composio tools can be executed by the LLM. If `RUBE_REMOTE_WORKBENCH` is not strictly needed for Hystruct, consider removing its mention or providing a more constrained alternative. Ensure that any Composio tools exposed via Rube MCP are thoroughly vetted for security and least privilege. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/17e66032c3454315)
Powered by SkillShield