Security Audit
nano-nets-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
nano-nets-automation received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are "Dynamic Tool Execution Grants Excessive Permissions" and "Vague `RUBE_REMOTE_WORKBENCH` Tool Suggests Excessive Permissions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Dynamic Tool Execution Grants Excessive Permissions. The skill's core workflow involves dynamically discovering tools via `RUBE_SEARCH_TOOLS` and then executing them using `RUBE_MULTI_EXECUTE_TOOL`. This design allows the skill to execute any tool exposed by the Rube MCP for Nano Nets, without explicit whitelisting or restriction within the skill itself. If the underlying Rube/Nano Nets ecosystem exposes tools with broad system access (e.g., filesystem, network, arbitrary code execution), the skill inherits these excessive permissions, potentially leading to data exfiltration or command injection if a malicious tool is discovered or invoked. Implement a whitelist or explicit approval mechanism for tools that can be executed by the skill. Restrict `RUBE_MULTI_EXECUTE_TOOL` to a predefined set of safe tool slugs or capabilities, rather than executing any dynamically discovered tool. | LLM | SKILL.md:49 |
| HIGH | Vague `RUBE_REMOTE_WORKBENCH` Tool Suggests Excessive Permissions. The skill exposes `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for "Bulk ops". The term "workbench" and the generic `run_composio_tool()` function are highly suggestive of an environment that could allow arbitrary code execution or broad system access, going beyond the stated purpose of "Nano Nets Automation". Without clear documentation on the capabilities and restrictions of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`, this presents a significant risk of excessive permissions, potentially leading to command injection or data exfiltration. Provide explicit documentation for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`, detailing their exact capabilities and any security restrictions. If the tool allows arbitrary code execution or broad system access, it should be removed or its usage severely restricted and documented as a critical security risk. Consider if this tool is truly necessary for "Nano Nets Automation" or if more granular, purpose-built tools should be used instead. | LLM | SKILL.md:80 |