Security Audit
process-street-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
process-street-automation received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Unpinned Rube MCP dependency" and "Broad execution capability via RUBE_REMOTE_WORKBENCH".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Broad execution capability via RUBE_REMOTE_WORKBENCH. The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This function implies the ability to execute arbitrary Composio tools within the Rube MCP environment. If the LLM is prompted to use this with untrusted or malicious input, it could lead to command injection, arbitrary code execution, or actions beyond the intended scope of Process Street automation. This broad capability, without explicit constraints on which tools can be run or with what arguments, presents a significant security risk, potentially allowing access to other connected systems or the underlying environment of the Rube MCP. If `RUBE_REMOTE_WORKBENCH` is necessary, ensure that the `run_composio_tool()` function within the Rube MCP is strictly sandboxed and that its inputs are rigorously validated and constrained to prevent arbitrary code execution or unintended side effects. The skill itself should guide the LLM to use this tool only with highly constrained and validated inputs, or consider if a more specific, less powerful tool could achieve the 'Bulk ops' functionality. | Static | SKILL.md:64 |
| MEDIUM | Unpinned Rube MCP dependency. The skill manifest specifies a dependency on the `rube` MCP without a version constraint. This means that any future update to the `rube` MCP, including potentially malicious ones, would be automatically used by this skill, introducing a supply chain risk. Without version pinning, the skill's behavior and security posture could change unexpectedly if the `rube` MCP is updated or compromised. Pin the `rube` MCP dependency to a specific, known-good version or version range in the manifest to prevent unexpected or malicious updates. For example, `"mcp": ["rube@1.2.3"]` or `"mcp": ["rube@^1.0.0"]`. | Static | SKILL.md:3 |