Security Audit
ip2whois-automation
Source: github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
ip2whois-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include `RUBE_REMOTE_WORKBENCH` allows arbitrary tool execution, Unpinned external dependencies (Rube MCP, Composio toolkit), Dynamic tool discovery and execution grants broad permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **`RUBE_REMOTE_WORKBENCH` allows arbitrary tool execution.** The `RUBE_REMOTE_WORKBENCH` tool, particularly with the mention of `run_composio_tool()`, suggests a highly privileged execution environment that could allow the LLM to execute arbitrary Composio tools or even custom code. This grants excessive permissions and opens a path for command injection and data exfiltration if not properly sandboxed and restricted. The documentation does not specify the scope or limitations of `run_composio_tool()`, making it a significant security risk. *Recommendation:* Clearly define and restrict the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Implement strict sandboxing, input validation, and whitelisting of allowed operations. Provide clear documentation on its security implications and how to use it safely, including any limitations on what `run_composio_tool()` can execute. | LLM | SKILL.md:68 |
| HIGH | **Unpinned external dependencies (Rube MCP, Composio toolkit).** The skill relies on external services and toolkits (`rube` MCP and `composio.dev/toolkits/ip2whois`) without specifying fixed versions. The manifest requires `rube` without a version, and the skill explicitly states 'Always search first: Tool schemas change.' This introduces a supply chain risk, as updates to these external components could introduce vulnerabilities, breaking changes, or malicious functionality without the skill author's explicit approval or awareness. *Recommendation:* Pin dependencies to specific versions or hashes to ensure deterministic behavior and prevent unexpected changes. Implement a robust update strategy that includes security reviews. For dynamically discovered tools, consider implementing a whitelisting or approval process for new or changed tool schemas. | LLM | SKILL.md:1 |
| MEDIUM | **Dynamic tool discovery and execution grants broad permissions.** The skill's core workflow involves dynamically discovering tools via `RUBE_SEARCH_TOOLS` and then executing them using `RUBE_MULTI_EXECUTE_TOOL`. This design means the LLM's effective permissions are not fixed but are determined by the current set of tools available through the Rube MCP. A compromised Rube MCP or a malicious tool definition could lead the LLM to execute unintended or harmful operations, effectively granting excessive permissions based on external, dynamic input. *Recommendation:* Implement strict whitelisting or approval mechanisms for tools that can be discovered and executed by the LLM. Ensure that the Rube MCP and its tool definitions are highly secured and regularly audited. Provide mechanisms for administrators to review and approve tool schemas before they are made available to LLMs, especially for sensitive operations. | LLM | SKILL.md:39 |
Full report: https://skillshield.io/report/1df82deb782dd846