# Security Audit: intelliprint-automation

Source: github.com/ComposioHQ/awesome-claude-skills

## Trust Assessment
intelliprint-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. The findings are: Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH (critical), Untrusted Input Passed to Rube MCP Tool Arguments (high), and Broad Access to Rube MCP and Connection Management (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100; all three findings come from that layer.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
## Security Findings (3)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH.** The skill documentation mentions `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' with `run_composio_tool()`. The term 'workbench' often implies an environment where arbitrary code or commands can be executed. If `run_composio_tool()` allows execution of arbitrary code or system commands, or if the `RUBE_REMOTE_WORKBENCH` itself provides an execution environment that can be manipulated by untrusted input, it represents a critical command injection vulnerability. This could allow an attacker to execute arbitrary commands on the host system or within the Rube MCP environment, leading to full compromise. **Recommendation:** Clarify the exact capabilities and security model of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure that untrusted input cannot directly control the code or commands executed. If it is intended for code execution, implement strict sandboxing, input validation, and least-privilege principles to prevent arbitrary command injection. | LLM | SKILL.md:70 |
| HIGH | **Untrusted Input Passed to Rube MCP Tool Arguments.** The skill instructs the host LLM to use `RUBE_SEARCH_TOOLS` with `queries` and `RUBE_MULTI_EXECUTE_TOOL` with `arguments`. These parameters are expected to be filled by the LLM, potentially based on untrusted user input. If user input containing malicious instructions or commands is directly inserted into `use_case`, `known_fields`, or `arguments` without proper sanitization, it could lead to prompt injection against the Rube MCP system or the underlying Intelliprint tools. This could manipulate the tool's behavior, cause it to perform unintended actions, or even execute arbitrary commands if the tool arguments are interpreted as code or commands by the Rube system. **Recommendation:** Implement robust input validation and sanitization for all user-provided inputs that feed into `use_case`, `known_fields`, and `arguments` for Rube MCP tools. The LLM should be explicitly instructed to treat these inputs as data only and to escape or filter any potentially malicious characters or instructions before passing them to the tools. The skill developer should provide clear guidelines on how the LLM should handle and validate user input for these parameters. | LLM | SKILL.md:40 |
| MEDIUM | **Broad Access to Rube MCP and Connection Management.** The skill grants access to a suite of Rube MCP tools, including `RUBE_SEARCH_TOOLS`, `RUBE_MANAGE_CONNECTIONS`, `RUBE_MULTI_EXECUTE_TOOL`, and `RUBE_REMOTE_WORKBENCH`. The `RUBE_MANAGE_CONNECTIONS` tool can initiate and manage connections to the `intelliprint` toolkit, potentially involving authentication flows ('follow the returned auth link'). This broad access, especially the ability to manage connections and execute 'bulk ops' via a 'workbench', suggests a high level of privilege within the Rube MCP ecosystem. Without clear constraints on which specific Intelliprint operations are allowed or how connection management is secured, this could lead to unauthorized access to or manipulation of Intelliprint resources. **Recommendation:** Implement granular access controls within Rube MCP to restrict the specific Intelliprint operations that can be performed by this skill. Ensure that connection management operations require explicit user confirmation or are limited to pre-approved configurations. Provide clear documentation on the exact scope of permissions granted by each Rube tool and the security implications of managing connections. | LLM | SKILL.md:28 |
Full report: https://skillshield.io/report/3491b706c33fb761