Security Audit
instacart-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
instacart-automation received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Broad tool execution via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Broad tool execution via RUBE_REMOTE_WORKBENCH. The skill documentation recommends using `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' with `run_composio_tool()`. This tool appears to allow the execution of arbitrary Composio tools available through the Rube MCP. If the Rube MCP is configured with toolkits beyond Instacart, an agent granted access to this skill (and thus `RUBE_REMOTE_WORKBENCH`) could potentially execute operations in other connected systems, exceeding the stated scope of 'instacart-automation'. This represents an excessive permission if not properly constrained. Ensure that the `RUBE_REMOTE_WORKBENCH` tool, when used in conjunction with this skill, is strictly configured to only access and execute Instacart-related Composio tools. Alternatively, if `RUBE_REMOTE_WORKBENCH` is intended to be general-purpose, ensure the agent's overall permissions are appropriately scoped and that the skill's description accurately reflects its broader capabilities. | LLM | SKILL.md:65 |