Security Audit
onepage-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
onepage-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill promotes use of highly privileged remote execution tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill promotes use of highly privileged remote execution tool The skill's 'Quick Reference' section explicitly suggests using `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. `RUBE_REMOTE_WORKBENCH` combined with `run_composio_tool()` implies the ability to execute arbitrary code or operations within the Composio ecosystem, potentially with broad permissions. This encourages the LLM to use a tool that grants excessive control, which could lead to unintended or malicious actions if misused or if the underlying `composio_tool` is compromised. Clarify the exact scope and limitations of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Provide strong warnings about its power and potential for misuse. Consider if such a broad tool should be exposed directly to an LLM without more granular controls or explicit user confirmation for sensitive operations. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/ed61eefb3b4a71d6)
Powered by SkillShield