Security Audit
piloterr-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
piloterr-automation received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings: "Skill exposes RUBE_REMOTE_WORKBENCH for arbitrary tool execution", "Broad access to Rube MCP tools", and "Unpinned external service dependency (Rube MCP)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Recommendation | Layer | Location |
|---|---|---|---|---|
| HIGH | Skill exposes RUBE_REMOTE_WORKBENCH for arbitrary tool execution. The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool, by its name ('workbench') and function (`run_composio_tool`), strongly suggests the capability to execute arbitrary code or tools within the Rube environment. If `run_composio_tool()` can be manipulated to execute shell commands or arbitrary code, this presents a command injection vulnerability. The skill provides no specific safeguards or input validation for the arguments passed to `run_composio_tool()` beyond general schema compliance, which might not cover arbitrary code execution. This grants the LLM excessive permissions to potentially execute harmful operations. | Clarify the exact capabilities and security implications of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If it allows arbitrary code execution, restrict its use, add strict input validation, or provide specific, safe wrappers. Ensure the LLM is instructed on safe usage and potential risks. | LLM | SKILL.md:59 |
| MEDIUM | Broad access to Rube MCP tools. The skill provides the LLM with access to a comprehensive set of Rube MCP tools, including `RUBE_SEARCH_TOOLS`, `RUBE_MANAGE_CONNECTIONS`, `RUBE_MULTI_EXECUTE_TOOL`, and `RUBE_GET_TOOL_SCHEMAS`. `RUBE_MULTI_EXECUTE_TOOL` allows the LLM to execute any discovered Piloterr tool. While the instructions emphasize schema compliance, the sheer breadth of potential actions through these tools, especially if Piloterr tools themselves have broad permissions, constitutes excessive permissions. An attacker manipulating the LLM could potentially leverage these tools for unintended operations. | Implement fine-grained access control for the Rube tools if possible, limiting the specific Piloterr operations an LLM can perform. Ensure that the underlying Piloterr tools themselves adhere to the principle of least privilege. | LLM | SKILL.md:56 |
| MEDIUM | Unpinned external service dependency (Rube MCP). The skill depends on the Rube MCP service (`https://rube.app/mcp`) without specifying a version or providing a mechanism to pin to a known good version. This introduces a supply chain risk where changes to the external service, whether intentional or malicious, could impact the security and functionality of the skill without the user's knowledge or control. | If possible, use a versioned endpoint for the Rube MCP service or implement mechanisms to validate the integrity and expected behavior of the external service before use. | LLM | SKILL.md:20 |
Powered by SkillShield