Security Audit
owl-protocol-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
owl-protocol-automation received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include User-controlled input to LLM-powered tool, Dependency on external Rube MCP service, Implicit broad access to Owl Protocol operations.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **User-controlled input to LLM-powered tool.** The skill instructs the user to provide a `use_case` string for the `RUBE_SEARCH_TOOLS` function. This `use_case` is likely passed directly to an underlying Large Language Model (LLM) within the Rube MCP to interpret the user's intent and find relevant tools. Without proper sanitization or validation, a malicious user could inject instructions into the `use_case` to manipulate the LLM's behavior, potentially leading to unintended actions, information disclosure, or denial of service. Recommendation: implement robust input validation and sanitization for the `use_case` parameter before passing it to the LLM. Consider using a separate, constrained input field for specific keywords or a structured query language instead of free-form text for sensitive operations. If free-form text is necessary, ensure the LLM is sandboxed and its capabilities are strictly limited. | LLM | SKILL.md:40 |
| HIGH | **Dependency on external Rube MCP service.** The skill is entirely dependent on the Rube MCP service, specified by the manifest (`"mcp": ["rube"]`) and the provided endpoint (`https://rube.app/mcp`). If the Rube MCP service or its infrastructure is compromised, or if the service itself is malicious, any operations performed through this skill could be intercepted, manipulated, or used for unauthorized purposes, leading to data breaches or system compromise. The skill acts as a client to this external service. Recommendation: implement strong vetting processes for third-party services like Rube MCP. Monitor the service for security incidents. Consider implementing network egress filtering to restrict communication to only trusted endpoints. Ensure all communications with `rube.app` are encrypted (e.g., HTTPS). The skill user should be aware of the trust placed in this external service. | LLM | SKILL.md:25 |
| MEDIUM | **Implicit broad access to Owl Protocol operations.** The skill grants access to "Owl Protocol operations" via the Rube MCP and the `owl_protocol` toolkit. The specific scope and granularity of these operations are not defined or constrained within the skill's description. This means the skill implicitly requests and could potentially execute a wide range of actions within the Owl Protocol, depending on the capabilities exposed by the `owl_protocol` toolkit. If the toolkit provides overly broad or administrative functions, the skill could be used to perform actions beyond its intended purpose. Recommendation: the `owl_protocol` toolkit should implement granular permissions and access controls. The skill description should ideally specify the minimum necessary permissions or a more constrained set of operations it intends to perform, rather than "Owl Protocol operations" generally. Users should review the actual permissions granted to the `owl_protocol` connection. | LLM | SKILL.md:10 |