Security Audit
ko-fi-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
ko-fi-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Excessive Permissions Granted to Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Excessive Permissions Granted to Rube MCP: The skill's manifest requests access to all tools provided by the 'rube' MCP (`mcp: ['rube']`). While the skill's stated purpose is 'ko-fi-automation', this broad permission allows access to any tool within the Rube MCP, including potentially unrelated or more sensitive tools (e.g., `RUBE_REMOTE_WORKBENCH`, which can execute `run_composio_tool()`). This violates the principle of least privilege, granting more access than necessary for its stated function. Modify the skill's manifest to request only the specific Rube MCP tools or a more granular scope required for Ko-fi automation, rather than the entire 'rube' MCP. If granular permissions are not supported by the platform, consider the inherent risk of using a broad MCP integration. | LLM | SKILL.md:4 |