Security Audit
logo-dev-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
logo-dev-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Dynamic Tool Execution with Broad Scope.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Dynamic Tool Execution with Broad Scope: The skill's documentation encourages dynamic discovery and execution of any tool within the `logo_dev` toolkit via `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. This pattern grants the LLM agent broad access to all functionalities exposed by the `logo_dev` toolkit. If the `logo_dev` toolkit contains tools with sensitive or destructive capabilities, a compromised LLM could be prompted to execute unauthorized actions without specific restrictions defined within the skill itself. Implement granular access control within the `logo_dev` toolkit or the Rube MCP to restrict which tools can be discovered and executed by an LLM agent. Alternatively, the skill itself could be modified to explicitly whitelist or blacklist specific `tool_slug` values, or to require human approval for sensitive operations before execution. | LLM | SKILL.md:48 |