Security Audit
jigsawstack-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
jigsawstack-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad tool execution via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Broad tool execution via RUBE_REMOTE_WORKBENCH The skill exposes `RUBE_REMOTE_WORKBENCH` which can execute `run_composio_tool()`. This function is described as a generic 'Bulk ops' mechanism and is not explicitly scoped to only Jigsawstack-related tools within the skill's documentation. If the Rube MCP (Managed Control Plane) has other toolkits connected, this could allow the LLM to execute tools from those other toolkits, potentially granting it permissions beyond the intended scope of Jigsawstack automation. This could lead to unintended actions or access to sensitive resources if other tools have broader capabilities (e.g., file system access, network requests, credential management). Restrict `RUBE_REMOTE_WORKBENCH` to only execute tools from the `jigsawstack` toolkit, or provide clear documentation on its scope and potential implications. If `run_composio_tool()` is inherently restricted by the MCP based on the calling skill's context, this should be explicitly stated in the skill's documentation. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/d29d631551dc413f)
Powered by SkillShield