Security Audit: pdf-co-automation
Source: github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
pdf-co-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Unpinned external service dependency" and "Broadly scoped `RUBE_REMOTE_WORKBENCH` tool with potential for arbitrary code execution".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Broadly scoped `RUBE_REMOTE_WORKBENCH` tool with potential for arbitrary code execution.** The skill exposes and encourages the use of `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`, described as enabling 'Bulk ops'. This tool appears to grant very broad capabilities, potentially allowing the execution of arbitrary code or complex operations within the Rube environment. If `run_composio_tool()` can execute shell commands, `eval` arbitrary code, or run scripts based on untrusted input provided by the LLM, it represents a severe command injection vulnerability. Even if not directly exploitable by the LLM, the broad scope of this tool constitutes excessive permissions, significantly increasing the attack surface and risk of misuse by a compromised LLM or malicious prompt. Remediation: restrict the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` to only necessary, well-defined operations. Implement strict input validation and sandboxing for any code or commands executed through this tool. Provide a more granular set of tools instead of a single, overly powerful 'workbench' tool. | LLM | SKILL.md:70 |
| HIGH | **Unpinned external service dependency.** The skill relies on the Rube MCP service (`https://rube.app/mcp`) and Composio's PDF co toolkit without specifying a version or providing a mechanism to pin to a known good version. This introduces a supply chain risk, as changes or compromises to these external services could directly impact the security and functionality of the skill without the user's explicit consent or knowledge. A malicious update to the Rube MCP or PDF co toolkit could lead to data exfiltration, command injection, or other severe vulnerabilities. Remediation: implement mechanisms to pin or validate the versions of external services (e.g., by checking a hash of the service's API schema, or by using a versioned endpoint if available). Regularly audit external service providers and their security practices. | LLM | SKILL.md:16 |
Full report: https://skillshield.io/report/7efa02e5071a17e9