Security Audit
printautopilot-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
printautopilot-automation received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Broad Tool Execution Capabilities, Unversioned External Service Dependency, External Authentication Link Exposure.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Broad Tool Execution Capabilities.** The skill grants the LLM access to `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`. These tools allow the LLM to execute arbitrary functions within the Printautopilot toolkit, as discovered via `RUBE_SEARCH_TOOLS`. This provides very broad and potentially unrestricted access to Printautopilot operations, which could include sensitive actions like data modification, deletion, or access to PII, depending on the Printautopilot toolkit's capabilities. A malicious LLM or user prompt could leverage this broad access to perform unauthorized actions. Implement fine-grained access control for specific Printautopilot tools or operations. Restrict the LLM's ability to execute all discovered tools. Consider using a whitelist of allowed tool slugs or requiring explicit human approval for sensitive operations. | LLM | SKILL.md:48 |
| MEDIUM | **Unversioned External Service Dependency.** The skill relies on an external Rube MCP service at `https://rube.app/mcp`. There is no mechanism specified to pin the version of this service or its API, meaning its behavior could change unexpectedly or maliciously without the skill's knowledge. This introduces a supply chain risk, as the integrity and security of the skill are dependent on an unmanaged external endpoint. A compromised Rube MCP service could return malicious tool schemas or execute malicious code. If possible, specify a version for the Rube MCP service or use a mechanism to ensure API stability. Regularly monitor the external service for changes or security advisories. Consider self-hosting or using a trusted, version-controlled proxy if direct dependency on an unversioned external service is unavoidable. | LLM | SKILL.md:19 |
| LOW | **External Authentication Link Exposure.** The skill instructs the LLM to follow an 'auth link' returned by `RUBE_MANAGE_CONNECTIONS` to complete setup if a connection is not active. While the skill itself does not harvest credentials, directing the LLM or user to an external link for authentication introduces a potential phishing vector if the external service or the link generation process is compromised. A malicious actor could potentially redirect the user to a phishing site. Advise users to verify the authenticity of any authentication links. Implement checks within the LLM's environment to validate the domain of the auth link before presenting it to the user or navigating to it. | LLM | SKILL.md:24 |