Security Audit: news-api-automation
Source: github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
news-api-automation received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Broad Execution Capabilities via RUBE_REMOTE_WORKBENCH, Broad Connection Management Permissions, High Dependency on External Tool Definition Integrity.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)

| Severity | Finding | Recommendation | Layer | Location |
|---|---|---|---|---|
| HIGH | Broad Execution Capabilities via RUBE_REMOTE_WORKBENCH. The skill mentions `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' with `run_composio_tool()`. The term 'workbench' typically implies a powerful, broad execution environment. Without explicit sandboxing or scope limitations, this tool could potentially allow arbitrary code execution, shell command injection, or access to the underlying file system and environment variables, leading to data exfiltration or system compromise. | Clearly define and restrict the capabilities of `RUBE_REMOTE_WORKBENCH`. Implement strict sandboxing and allowlisting of commands/operations, and ensure it cannot access sensitive system resources or execute arbitrary code. Provide explicit documentation on its security implications. | LLM | SKILL.md:80 |
| HIGH | High Dependency on External Tool Definition Integrity. The skill explicitly instructs the LLM to 'Always search first: Tool schemas change. Never hardcode tool slugs or arguments without calling `RUBE_SEARCH_TOOLS`'. This makes the LLM's execution path highly dependent on the integrity and trustworthiness of the `RUBE_SEARCH_TOOLS` output. If the Rube MCP or the external tool definitions it provides are compromised, malicious tool schemas or execution plans could be returned, leading the LLM to execute harmful operations (e.g., command injection, data exfiltration) via `RUBE_MULTI_EXECUTE_TOOL`. This represents a significant supply chain risk where the LLM's behavior can be manipulated by an external, potentially untrusted source. | Implement strong validation and sanitization of tool schemas and execution plans returned by `RUBE_SEARCH_TOOLS`. Consider implementing a trust boundary or allowlist for tool definitions. Warn users about the risks of executing tools from untrusted or compromised MCPs. Ensure the LLM is designed to critically evaluate and confirm actions based on dynamically provided tool definitions. | LLM | SKILL.md:66 |
| MEDIUM | Broad Connection Management Permissions. The `RUBE_MANAGE_CONNECTIONS` tool allows managing connections for the `news_api` toolkit. This capability is broad and, if misused, could allow an attacker to create or modify connections to malicious endpoints, redirect data, or expose sensitive connection details. The skill does not specify any restrictions on what 'manage' entails. | Implement granular access controls for `RUBE_MANAGE_CONNECTIONS`. Clearly define and limit the types of modifications or creations allowed. Ensure that connection details are handled securely and not exposed to the LLM or untrusted inputs. | LLM | SKILL.md:18 |
Full report: https://skillshield.io/report/bcdea99681803cbb