Security Audit
membervault-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
membervault-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Broad dynamic tool execution capability.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Broad dynamic tool execution capability The skill instructs the LLM to dynamically discover and execute any available Membervault operation via `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. This grants the LLM broad access to the Membervault API, allowing it to perform any action exposed by the Rube toolkit. While this is the intended functionality for automation, it means a compromised LLM could be manipulated via prompt injection to perform destructive or unauthorized actions within Membervault by selecting and executing arbitrary tools. Implement stricter access controls on the Rube MCP toolkit itself, or provide more granular, purpose-specific sub-skills instead of a single skill that exposes the entire API surface dynamically. Ensure robust prompt engineering and LLM safety guardrails are in place to prevent misuse. | LLM | SKILL.md:54 |
Scan History
Embed Code
[](https://skillshield.io/report/9179d3448b8e714c)
Powered by SkillShield