Security Audit
openrouter-automation
github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
openrouter-automation received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are Potential Command Injection via RUBE_REMOTE_WORKBENCH and Excessive Permissions due to Dynamic Tool Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via RUBE_REMOTE_WORKBENCH. The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'workbench' and the function `run_composio_tool()` strongly suggest the ability to execute arbitrary Composio tools or code. Without strict input validation and sandboxing, this could allow an attacker to inject malicious commands or tool calls, leading to unauthorized actions, data manipulation, or system compromise. The skill does not specify any safeguards for this powerful operation. Remediation: implement strict input validation and sandboxing for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure that only whitelisted tools and arguments can be executed, and that user-provided input cannot be directly interpreted as commands or tool names. Provide clear documentation on the security implications and usage guidelines for this powerful tool. | LLM | SKILL.md:70 |
| MEDIUM | Excessive Permissions due to Dynamic Tool Execution. The skill promotes a core workflow pattern of dynamically discovering tools via `RUBE_SEARCH_TOOLS` and then executing them via `RUBE_MULTI_EXECUTE_TOOL`. This grants the LLM broad capabilities to perform any operation available within the `openrouter` toolkit, or potentially other Composio tools. If the `openrouter` toolkit contains sensitive operations (e.g., account management, data deletion, financial transactions), and the LLM is not sufficiently constrained by the host environment, this dynamic execution model could lead to unauthorized or unintended actions based on user prompts. The skill itself does not define any scope limitations for tool execution. Remediation: implement fine-grained access control for the tools exposed through Rube MCP. The host LLM environment should restrict the set of tools that can be executed or limit the arguments that can be passed to sensitive tools. Consider requiring explicit user confirmation for high-impact operations. The skill documentation should advise users on how to configure such restrictions. | LLM | SKILL.md:50 |