Security Audit
idea-scale-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
idea-scale-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill grants excessive permissions via generic tool execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill grants excessive permissions via generic tool execution The skill, advertised for 'Idea Scale automation', explicitly references `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. `RUBE_REMOTE_WORKBENCH` is a generic Composio tool that allows executing arbitrary Composio tools, not just those related to Idea Scale. This grants the agent broader capabilities than implied by the skill's name and description, potentially leading to unintended actions or access to unrelated systems if the underlying Rube connection has broad permissions. Restrict the skill's capabilities to only Idea Scale-specific tools, or clearly document the broader scope and potential implications. If `RUBE_REMOTE_WORKBENCH` is necessary, ensure it's used with strict input validation or within a sandboxed environment that limits its scope to Idea Scale. Consider creating a more specific Rube tool for Idea Scale bulk operations if possible. | LLM | SKILL.md:65 |
Scan History
Embed Code
[](https://skillshield.io/report/cf83368ad9ab616a)
Powered by SkillShield