Security Audit
kickbox-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
kickbox-automation received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Tool grants broad, potentially arbitrary execution capabilities" and "Tool grants access to sensitive authentication flows".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Tool grants broad, potentially arbitrary execution capabilities.** The `RUBE_REMOTE_WORKBENCH` tool, described for 'Bulk ops' and using `run_composio_tool()`, suggests a highly privileged execution environment. This capability, when exposed to an LLM, could allow a malicious prompt to perform a wide range of complex or arbitrary operations within the Composio ecosystem. This could lead to unauthorized data manipulation, service disruption, or resource exhaustion if the underlying `run_composio_tool()` allows for sufficiently broad actions without strict sandboxing or validation. Implement strict guardrails and input validation for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Clearly define and limit the scope of operations that can be performed. Ensure that the LLM's access to this tool is carefully controlled, and that it cannot be used to execute arbitrary, unapproved commands or access sensitive resources. All operations should be subject to robust authorization checks. | LLM | SKILL.md:68 |
| MEDIUM | **Tool grants access to sensitive authentication flows.** The `RUBE_MANAGE_CONNECTIONS` tool, as described, requires the LLM to interact with 'auth links' to complete connection setup for Kickbox. If a malicious user can craft a prompt to extract or redirect these authentication links, it could lead to credential harvesting, session hijacking, or unauthorized access to the user's Kickbox account. The skill grants the LLM the capability to receive and potentially process these sensitive URLs. Implement strict guardrails around the `RUBE_MANAGE_CONNECTIONS` tool, especially concerning the handling and display of authentication links. Ensure that auth links are not directly exposed to the LLM in a way that allows extraction, and that any redirection or interaction is strictly sandboxed and user-confirmed. Consider if the LLM truly needs to 'follow' the link, or if it should simply present it to the user for manual action. | LLM | SKILL.md:28 |