Security Audit
quaderno-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
quaderno-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potentially excessive permissions via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potentially excessive permissions via RUBE_REMOTE_WORKBENCH The skill suggests using `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This primitive implies the ability to execute arbitrary Composio tools or code within a remote workbench environment. Without clear sandboxing, input validation, or explicit security warnings, this could lead to excessive permissions, command injection, or data exfiltration if malicious arguments are passed to `run_composio_tool()` or if the underlying Composio tools are vulnerable. Add explicit warnings and guidance regarding the security implications of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Recommend strict input validation for arguments passed to `run_composio_tool()` and ensure the remote workbench environment is properly sandboxed and least-privilege. Clarify the scope and capabilities of `run_composio_tool()`. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/81c7f92ee1274d14)
Powered by SkillShield