Security Audit
linkup-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
linkup-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions via Dynamic Tool Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Permissions via Dynamic Tool Execution: The skill grants the LLM broad permissions to dynamically discover and execute a wide range of 'Linkup operations' via `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. The documentation also explicitly mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`, which suggests a general-purpose execution environment for Composio tools. This design encourages the LLM to dynamically determine and execute actions, making it difficult to restrict its operational scope. Such broad access to dynamic tool execution, without explicit constraints on the types of tools or operations, constitutes excessive permissions. If the underlying Rube MCP or Composio tools expose sensitive system commands or allow arbitrary code execution, this could lead to command injection, data exfiltration, or unauthorized modifications to external systems. Recommendation: Implement strict allow-lists for `tool_slug` values that the LLM is permitted to execute. Restrict the arguments that can be passed to tools based on a predefined schema. Avoid general-purpose execution environments like `RUBE_REMOTE_WORKBENCH` for LLM agents unless absolutely necessary and with extreme sandboxing. Ensure that the Rube MCP system itself enforces granular permissions and robust input validation for all exposed tools to prevent command injection or other abuses. | LLM | SKILL.md:60 |