Security Audit
mocean-automation
github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
mocean-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Untrusted input to Rube MCP tools can lead to Prompt/Command Injection" and "Broad access to Rube MCP tools enables excessive agent permissions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Description and Remediation | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Untrusted input to Rube MCP tools can lead to Prompt/Command Injection | The skill instructs the agent to use Rube MCP tools (`RUBE_SEARCH_TOOLS`, `RUBE_MULTI_EXECUTE_TOOL`, `RUBE_REMOTE_WORKBENCH`) with parameters that are expected to be dynamically generated, potentially from untrusted user input (e.g., `use_case`, `arguments`). If these parameters are not rigorously sanitized before being passed to the Rube MCP system, a malicious user could inject instructions to manipulate the underlying LLM (prompt injection) or execute arbitrary commands (command injection), especially via `RUBE_REMOTE_WORKBENCH`, which is described for 'bulk ops' and `run_composio_tool()`, suggesting a powerful execution environment. Remediation: implement strict input validation and sanitization for all parameters passed to Rube MCP tools, especially those derived from user input. Ensure the Rube MCP environment and underlying tools are sandboxed and enforce least privilege. Avoid directly passing raw user input to `use_case` or `arguments` without an intermediary validation/sanitization layer. | LLM | SKILL.md:75 |
| HIGH | Broad access to Rube MCP tools enables excessive agent permissions | The skill uses Rube MCP tools such as `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`, which provide extensive capabilities, including the execution of any discovered Mocean tool and potentially arbitrary operations via the 'workbench'. While the skill itself does not define permissions, its reliance on these powerful tools means that the agent, when executing this skill, operates with a broad scope of actions within the Mocean ecosystem. This increases the attack surface if the agent's input is compromised or if the underlying Rube MCP system is not sufficiently sandboxed. Remediation: review the necessity of granting access to `RUBE_REMOTE_WORKBENCH` and the full scope of `RUBE_MULTI_EXECUTE_TOOL`. Implement fine-grained access controls within the Rube MCP system to limit the specific Mocean operations an agent can perform. Ensure the agent operates with the principle of least privilege. | LLM | SKILL.md:75 |
Report: https://skillshield.io/report/ebd4a98bfba1229e