Security Audit
ip2whois-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
ip2whois-automation received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Broad connection management permissions via RUBE_MANAGE_CONNECTIONS" and "Potential arbitrary code/tool execution via RUBE_REMOTE_WORKBENCH".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential arbitrary code/tool execution via RUBE_REMOTE_WORKBENCH.** The skill's quick reference section mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'remote workbench' combined with a function to 'run composio tool' strongly suggests a capability to execute arbitrary Composio tools or potentially arbitrary code within a remote environment. If `run_composio_tool()` can accept arbitrary tool slugs, arguments, or code without strict validation and sandboxing, it presents a critical command injection and data exfiltration risk. An attacker could leverage this to execute unintended operations, access sensitive data beyond the scope of Ip2whois, or compromise the remote environment. Provide clear and comprehensive documentation for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`, detailing their capabilities and security implications. Implement strict controls to ensure that agents are only permitted to execute a predefined, safe subset of tools or operations. The execution environment for the remote workbench must be isolated and rigorously sandboxed to prevent unauthorized access, command injection, or data exfiltration. If this functionality is not strictly necessary for the skill's core purpose, consider removing access to this tool. | Static | SKILL.md:59 |
| HIGH | **Broad connection management permissions via RUBE_MANAGE_CONNECTIONS.** The skill requires access to the `rube` MCP, which exposes the `RUBE_MANAGE_CONNECTIONS` tool. While the skill's documentation indicates an intent to use this tool for `ip2whois` connections, the `RUBE_MANAGE_CONNECTIONS` tool itself is generic. If not strictly scoped by the Rube platform, this tool could allow an agent to manage (e.g., list, check status, establish, or disconnect) connections for *any* toolkit integrated with Rube, not just `ip2whois`. This grants the agent broad and potentially excessive permissions, which could lead to unauthorized access to other services or denial of service if misused. Ensure that the `RUBE_MANAGE_CONNECTIONS` tool, when exposed to an agent, is strictly scoped to only manage connections for the `ip2whois` toolkit. Implement granular permissions within the Rube platform to prevent agents from managing connections for other toolkits unless explicitly authorized. | Static | SKILL.md:25 |