Security Audit
polygon-io-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
polygon-io-automation received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via RUBE_REMOTE_WORKBENCH, Broad Tool Access via Dynamic Execution, and Exposure of Credential Management Interface.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Potential Command Injection via RUBE_REMOTE_WORKBENCH | The skill documentation mentions `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' with `run_composio_tool()`. The term 'workbench' often implies an environment capable of executing arbitrary code or highly privileged operations. If `run_composio_tool()` allows execution of arbitrary commands or scripts, this presents a significant command injection vulnerability. | Clarify and restrict the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure it cannot execute arbitrary code or shell commands. If it's intended for specific, sandboxed operations, this should be explicitly stated and enforced. | LLM | SKILL.md:67 |
| HIGH | Broad Tool Access via Dynamic Execution | The skill enables dynamic discovery of Polygon IO tools via `RUBE_SEARCH_TOOLS` and subsequent execution of any discovered tool via `RUBE_MULTI_EXECUTE_TOOL`. This grants the LLM broad access to all Polygon IO operations exposed by Composio, which could include sensitive financial data retrieval or potentially transactional operations, depending on the Polygon IO API's capabilities. A malicious prompt could exploit this broad access to perform unauthorized actions. | Implement fine-grained access control for specific Polygon IO tools or operations. Restrict the types of tools that can be discovered and executed by the LLM, or require explicit user confirmation for sensitive operations. | LLM | SKILL.md:49 |
| MEDIUM | Exposure of Credential Management Interface | The skill exposes the `RUBE_MANAGE_CONNECTIONS` tool, which is responsible for managing the Polygon IO connection, including authentication via an 'auth link'. While the skill itself doesn't harvest credentials, a malicious prompt could potentially manipulate the LLM into querying connection details or initiating re-authentication flows, which could expose sensitive information or lead to credential compromise if not handled with strict security measures. | Ensure that `RUBE_MANAGE_CONNECTIONS` has robust internal security controls to prevent unauthorized access or manipulation of connection details. Implement strict access policies and user confirmation for any actions that could expose or alter connection credentials. | LLM | SKILL.md:26 |