Security Audit
parma-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
parma-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Broad tool execution capability via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Broad tool execution capability via RUBE_REMOTE_WORKBENCH The skill instructs the AI agent to use `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' and `run_composio_tool()`. This tool appears to provide a general execution environment for arbitrary Composio tools, which could lead to excessive permissions if the underlying tools have broad access or if the agent is prompted to misuse them. While the skill advises dynamic tool discovery, the inherent capability of `RUBE_REMOTE_WORKBENCH` is very broad, allowing for potentially unconstrained actions within the Composio ecosystem. Consider if `RUBE_REMOTE_WORKBENCH` is strictly necessary for the skill's core functionality, or if more granular tools could be used. If `RUBE_REMOTE_WORKBENCH` is required, ensure that the agent's prompts and internal logic are robustly designed to prevent misuse and to strictly limit the scope of operations performed through this powerful tool. Implement strict access controls on the underlying Composio tools. | LLM | SKILL.md:85 |
Scan History
Embed Code
[](https://skillshield.io/report/5bd679c68178c58a)
Powered by SkillShield