Trust Assessment
npm-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad NPM Tool Execution Permissions and Potential Command Injection via Generic Execution Interface.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Broad NPM Tool Execution Permissions. The skill grants the LLM broad permissions to execute arbitrary NPM tools via `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. The documentation encourages dynamic tool discovery and execution, allowing the LLM to potentially perform any operation supported by the underlying NPM toolkit. This excessive level of access significantly increases the attack surface and allows for a wide range of potentially malicious actions if the LLM's inputs are compromised, including system modification or data exfiltration. Recommendation: restrict the set of executable NPM tools to the minimum necessary for the skill's function; implement a strict whitelist of allowed tool slugs and arguments; ensure the underlying Rube MCP and NPM toolkit operate within a strictly sandboxed environment with least privilege. | LLM | SKILL.md:49 |
| HIGH | Potential Command Injection via Generic Execution Interface. The skill exposes `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` as interfaces for performing NPM operations. If an attacker can manipulate the `tool_slug` or `arguments` passed to `RUBE_MULTI_EXECUTE_TOOL`, or the parameters for `run_composio_tool()`, and if the underlying NPM tools execute shell commands based on these inputs, this creates a direct command injection vulnerability. The `RUBE_REMOTE_WORKBENCH` in particular suggests a powerful, generic execution capability that could be abused to run arbitrary commands. Recommendation: implement robust input validation and sanitization for all arguments passed to `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`; ensure that any underlying shell commands executed by NPM tools are properly escaped and do not directly incorporate untrusted input; consider a human approval step for any execution involving `RUBE_REMOTE_WORKBENCH` or sensitive NPM operations. | LLM | SKILL.md:70 |
Full report: https://skillshield.io/report/b532b9b792bc008a