Security Audit
radar-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
radar-automation received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are "Potential Command Injection via Rube Execution Tools" and "Broad Access to Radar Operations via Rube Execution Tools".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via Rube Execution Tools.** The skill exposes `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` which allow the execution of operations within the Radar system based on user-provided arguments. If the underlying Rube MCP or Radar toolkit does not sufficiently sanitize or validate these arguments, a malicious prompt to the LLM could craft inputs that lead to arbitrary command execution or unintended operations within the Radar environment. The documentation mentions 'schema-compliant args', but this does not guarantee protection against all forms of injection if the schema itself allows for dangerous inputs or if the underlying execution engine is vulnerable. `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' is particularly concerning as it implies a more powerful execution capability. Implement robust input validation and sanitization for all arguments passed to `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` within the Rube MCP and the underlying Radar toolkit. Ensure that 'schema-compliant' explicitly disallows or escapes any characters or patterns that could lead to command injection. Consider sandboxing the execution environment for `RUBE_REMOTE_WORKBENCH`. | LLM | SKILL.md:50 |
| HIGH | **Broad Access to Radar Operations via Rube Execution Tools.** The skill grants access to powerful Rube MCP tools like `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. The latter is explicitly described for 'Bulk ops', suggesting broad capabilities within the connected Radar system. If the underlying Radar toolkit or the Rube MCP grants extensive permissions to these execution primitives (e.g., ability to modify critical data, access sensitive information, or perform widespread actions), an attacker leveraging the LLM could exploit these broad permissions to cause significant damage or unauthorized data access. The skill documentation does not specify any granular permission controls for these operations. Implement fine-grained access control for operations exposed through `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. Ensure that the Rube MCP and Radar toolkit enforce the principle of least privilege, limiting the scope of actions based on the specific tool being called and the context of the LLM agent's request. Provide mechanisms for skill developers to define and enforce narrower permissions for specific use cases. | LLM | SKILL.md:70 |