Security Audit
NetSuite Automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
NetSuite Automation received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include: Arbitrary SuiteQL Query Execution Leading to Data Exfiltration; Broad Record Manipulation via `NETSUITE_UPSERT_RECORD_BY_EXTERNAL_ID`; and Information Disclosure via `NETSUITE_GET_RECORD_METADATA`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary SuiteQL Query Execution Leading to Data Exfiltration.** The `NETSUITE_RUN_SUITEQL_QUERY` tool allows the execution of arbitrary SuiteQL SELECT statements via the `q` parameter. This capability represents a significant command injection vulnerability. If an attacker can manipulate the LLM through prompt injection to generate and execute malicious SuiteQL queries, they could exfiltrate sensitive data from the NetSuite ERP system, including customer information, financial records, and other confidential business data, limited only by the permissions of the connected NetSuite user. 1. **Principle of Least Privilege**: Strictly limit the NetSuite user account's permissions used by the Rube MCP connection. It should only have access to the minimum necessary data and operations required for legitimate skill functions, and ideally, no access to highly sensitive or confidential data. 2. **Input Validation and Whitelisting**: Implement robust validation and whitelisting for the `q` parameter within the tool's implementation. Instead of allowing arbitrary SQL, restrict queries to predefined safe patterns, specific tables/views, or disallow dangerous keywords and functions. 3. **LLM Guardrails**: Implement strong guardrails and input validation within the LLM application layer to prevent the generation and execution of malicious or overly broad SQL queries based on untrusted user input. | LLM | SKILL.md:49 |
| HIGH | **Broad Record Manipulation via `NETSUITE_UPSERT_RECORD_BY_EXTERNAL_ID`.** The `NETSUITE_UPSERT_RECORD_BY_EXTERNAL_ID` tool allows creating or updating records of *any* specified `record_type` with arbitrary `body` content. This broad access, if exploited through prompt injection, could lead to data corruption, unauthorized record creation (e.g., fraudulent invoices, customers), or modification of critical business data within NetSuite. The impact is limited only by the permissions of the connected NetSuite user. 1. **Restrict NetSuite User Permissions**: Ensure the NetSuite user account used by the Rube MCP connection has granular permissions, allowing upsert operations only on specific record types and fields necessary for the skill's legitimate functions. 2. **Implement Record Type Whitelisting**: If possible, modify the underlying tool implementation to whitelist allowed `record_type` values, preventing the LLM from attempting to manipulate unauthorized record types. 3. **Schema Validation and Field Restrictions**: Implement strict schema validation and field-level restrictions on the `body` parameter to prevent the creation or modification of sensitive or critical fields that should not be exposed to LLM control. 4. **LLM Guardrails**: Implement strong guardrails and input validation within the LLM application layer to prevent malicious or unauthorized record manipulation based on untrusted user input. | LLM | SKILL.md:90 |
| MEDIUM | **Information Disclosure via `NETSUITE_GET_RECORD_METADATA`.** The `NETSUITE_GET_RECORD_METADATA` tool allows retrieving the full schema and field definitions for *any* specified `record_type`. While useful for legitimate operations, this capability could be exploited via prompt injection to perform reconnaissance on the NetSuite instance, revealing the structure of sensitive custom records or internal data models. This information could then be used to craft more targeted data exfiltration or manipulation attacks using other tools like `NETSUITE_RUN_SUITEQL_QUERY` or `NETSUITE_UPSERT_RECORD_BY_EXTERNAL_ID`. 1. **Restrict NetSuite User Permissions**: Ensure the NetSuite user account used by the Rube MCP connection has granular permissions, limiting access to metadata only for record types essential for the skill's legitimate functions. 2. **Implement Record Type Whitelisting**: If possible, modify the underlying tool implementation to whitelist allowed `record_type` values for metadata retrieval, preventing the LLM from querying schemas of unauthorized or highly sensitive record types. 3. **LLM Guardrails**: Implement guardrails to prevent the LLM from querying metadata for an excessive number of record types or for types that are not directly relevant to the user's request. | LLM | SKILL.md:109 |