Security Audit
leadoku-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
leadoku-automation received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned Third-Party MCP Dependency, Broad Tool Execution Capability via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned Third-Party MCP Dependency The skill explicitly instructs users to add `https://rube.app/mcp` as an MCP server. This constitutes an unpinned dependency on an external third-party service. There is no version pinning or integrity check mechanism specified. If `rube.app` were compromised or became malicious, any agent using this skill would be exposed to a supply chain attack, as the MCP could serve malicious tools or instructions without detection. Implement version pinning or cryptographic integrity checks for external MCPs. For example, specify a hash of the expected MCP content or a specific version. Advise users to verify the source and integrity of external MCPs before integration. | LLM | SKILL.md:20 | |
| MEDIUM | Broad Tool Execution Capability via RUBE_REMOTE_WORKBENCH The skill promotes the use of `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`. This tool, by its nature, allows the execution of *any* Composio tool available through the Rube MCP, not just those specifically related to Leadoku. This grants a very broad scope of action to the agent using this skill, potentially beyond the intended 'Leadoku automation' purpose, if the agent is prompted to use `RUBE_REMOTE_WORKBENCH` for other tasks. This introduces a wider attack surface than a more narrowly scoped tool. If the skill's intent is strictly Leadoku automation, consider if `RUBE_REMOTE_WORKBENCH` is truly necessary or if a more narrowly scoped tool would suffice. If it is necessary, clearly document the broad capabilities and potential risks to users. Ensure that the agent's prompts are carefully crafted to prevent misuse of this powerful tool. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/5d8e7f7edc8f4071)
Powered by SkillShield