Security Audit
ip2location-io-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
ip2location-io-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Broad Tool Access via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Broad Tool Access via Rube MCP The skill grants the LLM access to execute any tool within the 'ip2location_io' toolkit via `RUBE_MULTI_EXECUTE_TOOL`. While intended for automation, this broad access means the LLM can potentially perform any operation offered by the underlying Ip2location IO API, including sensitive or destructive actions, if such tools exist within the toolkit. The skill does not implement any restrictions on which specific tools from 'ip2location_io' can be called, effectively exposing the full API surface to the LLM. If the 'ip2location_io' toolkit contains highly sensitive or destructive operations, consider restricting the set of accessible tools to only those strictly necessary for the skill's core purpose. Alternatively, clearly document the full scope of capabilities and associated risks for users and implement guardrails within the LLM's prompt to prevent misuse. | LLM | SKILL.md:53 |
Scan History
Embed Code
[](https://skillshield.io/report/cbd505e64df39f6e)
Powered by SkillShield