Security Audit
parallel-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
parallel-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 1 low severity. Key findings include potential for arbitrary tool execution via `RUBE_REMOTE_WORKBENCH` and an unpinned Rube MCP dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential for arbitrary tool execution via RUBE_REMOTE_WORKBENCH.** The skill documentation suggests using `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The name 'workbench' implies a flexible execution environment, and `run_composio_tool()` suggests the ability to execute arbitrary Composio tools. Without strict sandboxing, input validation, and explicit permission controls, this powerful primitive could allow an attacker to execute arbitrary commands on the host system (Command Injection) or exfiltrate sensitive data (Data Exfiltration) by calling malicious tools or tools with unintended side effects. The skill itself does not define the security boundaries of `RUBE_REMOTE_WORKBENCH` or `run_composio_tool()`, making its usage inherently risky. **Recommendation:** Ensure `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` are strictly sandboxed, have minimal necessary permissions, and validate all inputs to prevent arbitrary code execution or access to sensitive resources. The skill documentation should clarify the security implications and limitations of this powerful tool, detailing what types of operations are permitted and how they are secured. | LLM | SKILL.md:70 |
| LOW | **Unpinned Rube MCP dependency.** The skill manifest requires the `rube` MCP but does not specify a version or hash. This lack of pinning means that any updates to the `rube` MCP could be automatically incorporated, potentially introducing new vulnerabilities, breaking changes, or malicious code without explicit review by the skill author. While MCPs might operate differently from traditional package dependencies, the principle of pinning dependencies for security and stability remains a best practice. **Recommendation:** If the platform supports it, specify a precise version or hash for the `rube` MCP dependency to ensure deterministic behavior and prevent unexpected changes from upstream. If version pinning is not directly supported for MCPs, ensure robust monitoring of the `rube` MCP for security updates and potential issues. | LLM | SKILL.md |