Security Audit
identitycheck-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
identitycheck-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions: Broad Rube MCP Access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Permissions: Broad Rube MCP Access. The skill's manifest requires access to the entire 'rube' MCP toolkit, which provides generic functions like `RUBE_SEARCH_TOOLS`, `RUBE_MANAGE_CONNECTIONS`, and `RUBE_MULTI_EXECUTE_TOOL`. While the skill's stated purpose is 'Identitycheck Automation', the requested permission grants the agent the ability to discover, manage connections for, and execute tools from *any* toolkit available via Rube MCP, not just 'identitycheck'. This broad access could allow an agent to perform actions outside the intended scope of the skill. If possible, request more granular permissions for the Rube MCP toolkit, specifically limiting access to 'identitycheck' operations (e.g., `mcp: ["rube:identitycheck"]`). If granular permissions are not supported, update the skill's description to explicitly state that it grants access to all Rube MCP capabilities, not just Identitycheck, to ensure transparency for users and administrators. | LLM | SKILL.md:1 |