Security Audit
microsoft-tenant-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
microsoft-tenant-automation received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Reliance on Unversioned External MCP Endpoint, Exposure to Powerful Administrative Tools with Dynamic Execution, Potential Credential Harvesting via Malicious Auth Links.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (3)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| HIGH | Reliance on Unversioned External MCP Endpoint | The skill explicitly relies on an external Managed Control Plane (MCP) hosted at `https://rube.app/mcp`. This introduces a supply chain risk. If this external endpoint is compromised, becomes malicious, or changes its behavior without notice (due to lack of version pinning), the tools provided to the LLM could be subverted. This could lead to unauthorized actions, data exfiltration, or other security breaches within the Microsoft Tenant. Recommendation: implement robust mechanisms to verify the integrity and authenticity of external MCPs. Consider hosting critical MCPs internally or using trusted, version-locked endpoints to prevent unexpected changes. The platform should enforce strict validation of MCP sources. | Static | SKILL.md:16 |
| HIGH | Exposure to Powerful Administrative Tools with Dynamic Execution | The skill instructs the LLM to use powerful tools like `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` (with `run_composio_tool()`) for automating Microsoft Tenant tasks. These tools inherently possess broad administrative capabilities. If the LLM is prompted with untrusted input that influences the `tool_slug`, `arguments`, or operations for these tools, it could lead to unauthorized actions within the Microsoft Tenant, effectively acting as a command injection against the tenant's resources. While the skill advises dynamic discovery and schema compliance, the underlying power of the tools remains a significant risk if the LLM's decision-making process is compromised by malicious input. Recommendation: implement strict input validation and sanitization for any arguments passed to `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. Ensure the LLM's access to these tools is gated by strong authorization checks and that it cannot arbitrarily choose `tool_slug` or `arguments` based on untrusted user input. Consider fine-grained permissions for the `microsoft_tenant` toolkit to limit the scope of potential damage. | Static | SKILL.md:39 |
| MEDIUM | Potential Credential Harvesting via Malicious Auth Links | The setup process for the Microsoft Tenant connection involves following an 'auth link' returned by `RUBE_MANAGE_CONNECTIONS`. If the `RUBE_MANAGE_CONNECTIONS` tool, or the underlying Rube MCP, is compromised, it could return a malicious authentication link. If the LLM is instructed to follow this link, it could lead to a phishing attack or credential harvesting from the user, as the user would be directed to an untrusted external site to complete authentication. Recommendation: the platform should implement safeguards to validate the authenticity and safety of any URLs returned by tools before presenting them to the user or instructing the LLM to follow them. Users should be explicitly warned about external links and advised to verify their legitimacy before proceeding with authentication. | Static | SKILL.md:20 |
Full report: https://skillshield.io/report/083957dd56af3c6f