Security Audit
minerstat-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
minerstat-automation received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unverified External Dependency (Rube MCP), Broad Execution Capabilities via RUBE_REMOTE_WORKBENCH, Potential Command/Code Injection via Tool Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unverified External Dependency (Rube MCP). The skill relies entirely on an external, unverified Rube MCP endpoint (`https://rube.app/mcp`) and Composio toolkits. There is no version pinning or explicit trust mechanism for these external services, posing a significant supply chain risk. A compromise of `rube.app` or the Composio toolkit could lead to arbitrary code execution, data exfiltration, or other malicious activities. Recommendation: implement robust verification for external MCPs and toolkits; consider version pinning or cryptographic verification of tool schemas/binaries; document the trust model for `rube.app` and Composio toolkits, and ensure they adhere to security best practices. | LLM | SKILL.md:20 |
| HIGH | Broad Execution Capabilities via RUBE_REMOTE_WORKBENCH. The skill mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool appears to offer broad execution capabilities within the Composio ecosystem, potentially allowing the LLM to perform arbitrary operations or execute code if not properly sandboxed and restricted. This grants excessive permissions to the AI agent, increasing the attack surface. Recommendation: restrict access to `RUBE_REMOTE_WORKBENCH` or ensure its execution environment is heavily sandboxed and its capabilities are strictly limited to predefined, safe operations; provide clear documentation on the security implications of this tool and how to mitigate risks when exposing it to an AI agent. | LLM | SKILL.md:70 |
| MEDIUM | Potential Command/Code Injection via Tool Arguments. The `RUBE_MULTI_EXECUTE_TOOL` allows the LLM to pass arbitrary `arguments` to underlying Minerstat tools. If these tools do not rigorously validate and sanitize all inputs, or if they expose functionality that can be coerced into executing shell commands, accessing the file system, or performing other unauthorized operations, it could lead to command or code injection. While the skill advises 'schema compliance', this alone does not guarantee safety against all forms of malicious input. Recommendation: ensure all underlying Minerstat tools executed via `RUBE_MULTI_EXECUTE_TOOL` implement strict input validation and sanitization; tools should operate within a least-privilege environment and avoid exposing any functionality that could lead to arbitrary code execution or file system manipulation based on user-supplied arguments; the skill documentation should also explicitly warn about input sanitization. | LLM | SKILL.md:55 |
Full report: https://skillshield.io/report/22b0235e179398bb