Security Audit

more-trees-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 99e2a2951545

CAUTION

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

more-trees-automation received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Broad access to external system via dynamic tool execution, Unpinned dependency on external Rube MCP system.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

70%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Network Access

2 findings

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Broad access to external system via dynamic tool execution The skill grants the AI agent broad and dynamic access to all operations exposed by the 'more_trees' toolkit through the Rube MCP. Tools like `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` allow for the execution of arbitrary discovered tools and bulk operations. This means a compromised agent could perform any action available through the More Trees API, leading to significant unauthorized data manipulation or access within the connected system. Implement fine-grained access control within the Rube MCP or More Trees system to limit the scope of actions an agent can perform. Consider whitelisting specific tool slugs or operations if the agent's task is narrow. Regularly review the permissions granted to the Rube MCP connection.	Static	SKILL.md:49
HIGH	Unpinned dependency on external Rube MCP system The skill's manifest declares a dependency on `mcp: ["rube"]` without specifying a version constraint. Additionally, the skill hardcodes the Rube MCP server endpoint `https://rube.app/mcp`. This reliance on an unversioned external system means that any changes, vulnerabilities, or malicious updates to the Rube MCP system or its hosted endpoint could directly compromise the security and functionality of this skill without the ability to pin to a known good version or validate the source. If possible, specify a version constraint for the `rube` MCP dependency in the manifest to ensure predictable behavior and security. Implement mechanisms to validate the integrity and expected behavior of the Rube MCP endpoint before use. Consider hosting a trusted, version-controlled instance of Rube MCP if feasible.	Static	SKILL.md:1

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/24d89bdae3ab9c1c.svg)](https://skillshield.io/report/24d89bdae3ab9c1c)