Trust Assessment
melo-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is broad tool execution capability via `RUBE_REMOTE_WORKBENCH`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Broad tool execution capability via RUBE_REMOTE_WORKBENCH: The skill's documentation indicates the use of `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' with `run_composio_tool()`. This function is described as a generic Composio tool executor. While the skill's manifest and description state its purpose is to 'Automate Melo tasks', the `RUBE_REMOTE_WORKBENCH` tool, if not properly scoped by the Rube MCP, could potentially execute any Composio tool available through the MCP, extending beyond Melo-specific operations. This grants the skill broader execution capabilities than its stated purpose suggests, posing a risk of excessive permissions. If the skill is intended solely for Melo operations, evaluate if `RUBE_REMOTE_WORKBENCH` is strictly necessary or if its usage can be constrained to only Melo-specific tools. Ensure the Rube MCP itself enforces strict scope limitations for tools exposed to this skill, preventing execution of non-Melo related Composio tools. | LLM | SKILL.md:68 |