Security Audit
modelry-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
modelry-automation received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are Excessive Permissions via General-Purpose Tool Execution Engine and Unpinned Dependency in Manifest.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Permissions via General-Purpose Tool Execution Engine: The skill relies on the 'mcp:rube' dependency, which provides access to powerful general-purpose tool execution capabilities, specifically `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. These tools allow the LLM to dynamically discover and execute a wide range of other tools and perform 'bulk ops' by running arbitrary Composio tools. This grants the skill a very broad scope of action, potentially enabling it to interact with and manipulate numerous external services if the underlying Rube MCP system is not sufficiently constrained or if the LLM is compromised. An attacker could leverage this broad access to perform unauthorized actions on connected systems. Review the scope of tools accessible via Rube MCP. Implement strict access controls and least privilege principles within the Rube MCP configuration. Ensure the LLM's use of these powerful tools is heavily constrained and monitored, and that user consent is required for sensitive operations. Consider if a more narrowly scoped set of tools could achieve the desired functionality. | LLM | SKILL.md:50 |
| MEDIUM | Unpinned Dependency in Manifest: The skill's manifest specifies a dependency on 'mcp:rube' without a version constraint. This 'unpinned' dependency means that any future update to the 'rube' skill/tool within the 'mcp' ecosystem will be automatically adopted. If a malicious or vulnerable version of 'rube' is published, this skill would inherit it without explicit review, posing a supply chain risk. This could lead to the introduction of backdoors, data exfiltration, or other security compromises. Pin the 'mcp:rube' dependency to a specific, known-good version in the manifest. Regularly review and manually update dependencies to ensure security and stability. Implement automated dependency scanning to detect known vulnerabilities. | LLM | manifest.json:1 |