Security Audit
lodgify-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
lodgify-automation received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Broad access to Lodgify operations via Rube MCP tools, Reliance on external Rube MCP service introduces supply chain risk, `RUBE_REMOTE_WORKBENCH` may allow arbitrary code execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Reliance on external Rube MCP service introduces supply chain risk The skill is entirely dependent on the `https://rube.app/mcp` service for all its functionality. If the Rube MCP service or its infrastructure were compromised, or if the service itself became malicious, it could directly impact the security and integrity of all Lodgify operations performed through this skill. Users are implicitly trusting a third-party service with access to their Lodgify account. Users should perform due diligence on the security practices and trustworthiness of `rube.app`. For the skill provider, consider adding a clear disclaimer about the third-party dependency and its implications. | LLM | SKILL.md:23 | |
| MEDIUM | Broad access to Lodgify operations via Rube MCP tools The skill provides access to a wide range of 'Lodgify operations' through powerful tools like `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. While the specific scope depends on the underlying Lodgify toolkit and user-granted permissions, these tools inherently allow for significant control over a Lodgify account. A compromised or maliciously prompted LLM could leverage this broad access to perform unauthorized actions (e.g., modify bookings, delete properties) or exfiltrate sensitive data (e.g., guest information). The skill does not define or restrict the scope of these operations beyond what the underlying Rube MCP integration allows. Recommend clarifying the specific permissions required by the Lodgify toolkit within Rube MCP. Advise users to review and, if possible, restrict the scope of access granted during the `RUBE_MANAGE_CONNECTIONS` authentication process to the minimum necessary for intended operations. | LLM | SKILL.md:40 | |
| MEDIUM | `RUBE_REMOTE_WORKBENCH` may allow arbitrary code execution The `RUBE_REMOTE_WORKBENCH` tool, particularly when used with `run_composio_tool()`, raises concerns about potential command injection. While the intent appears to be executing specific Composio tools, the term 'workbench' and 'remote' could imply a broader capability for arbitrary code execution or shell commands if not properly sandboxed and restricted. A malicious input could potentially exploit this to execute unintended commands on the remote system. Provide explicit documentation on the security model, sandboxing, and whitelisting mechanisms of `RUBE_REMOTE_WORKBENCH`. Confirm that it strictly limits execution to predefined, safe Composio tools and prevents arbitrary code or shell command injection. | LLM | SKILL.md:60 |
Scan History
Embed Code
[](https://skillshield.io/report/66de3cafc3c28e5d)
Powered by SkillShield