Security Audit
ragic-automation
Source: github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
ragic-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. The key findings are an unpinned Rube MCP dependency, potential command injection via `RUBE_REMOTE_WORKBENCH`, and broad access to external tools and connection management.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned Rube MCP dependency.** The skill's manifest declares a dependency on the `rube` MCP without any version constraint, so whichever version is published at install time is used, including a future malicious or incompatible release. This is a supply-chain risk: an attacker who can publish a compromised `rube` release gets it adopted by this skill automatically. Pin the dependency to a specific, known-good version. A range such as `{"mcp": ["rube@^1.0.0"]}` narrows the exposure but still accepts every compatible release inside the range, so an exact pin is the stronger control. | LLM | Manifest |
| HIGH | **Potential command injection via `RUBE_REMOTE_WORKBENCH`.** The skill instructs the agent to call `run_composio_tool()` inside `RUBE_REMOTE_WORKBENCH`, a pattern that executes tools or commands on the host where the Rube MCP runs. If the tool name or its arguments are not strictly validated and sanitized before execution, attacker-controlled input reaching that call could lead to arbitrary code execution on that host. The finding is pattern-based: the analyzer flags the execution primitive, not a confirmed injection path. Ensure that `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` validate and sanitize all inputs, and run anything invoked through this mechanism in a sandbox under least privilege. | LLM | SKILL.md:89 |
| MEDIUM | **Broad access to external tools and connection management.** The skill exposes powerful Rube MCP tools such as `RUBE_MULTI_EXECUTE_TOOL`, `RUBE_REMOTE_WORKBENCH`, and `RUBE_MANAGE_CONNECTIONS`, which together allow a wide range of Ragic operations (read, write, delete) plus management of external service connections, potentially including sensitive credentials. The instruction to use `RUBE_SEARCH_TOOLS` further means the agent can discover and invoke any tool the Rube MCP exposes, which amounts to overly broad permissions unless the agent constrains itself. Where the platform allows it, apply fine-grained access control to the Rube MCP tools so the agent can reach only the Ragic operations it needs, and design the agent to follow least privilege when invoking tools and managing connections. | LLM | SKILL.md:51 |
| MEDIUM | **Potential data exfiltration via the `memory` parameter.** The skill explicitly instructs the agent to include a `memory` parameter in every `RUBE_MULTI_EXECUTE_TOOL` call, even when empty. If the agent populates this object with sensitive user data (personal information, session details, confidential business data), that data is sent to the Rube MCP, a third-party hosted service, creating a risk of unintended exposure. State clearly that sensitive information must not be placed in `memory`, or give explicit guidance on restricting or sanitizing its contents to non-sensitive data, and verify that the agent's handling of `memory` does not leak sensitive data to the external service. | LLM | SKILL.md:70 |
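The first finding is the kind of check a reviewer can automate before a skill is installed. The linter below is an added example, not SkillShield's analyzer and not the ragic-automation skill's own code. It assumes the manifest shape implied by the finding (a JSON object whose `mcp` key lists dependency specifiers such as `rube`, `rube@^1.0.0` or an exact `rube@1.4.2`); the real manifest schema is not shown in the report, and the sample manifests and the `1.4.2` version are constructed. It grades each entry as unpinned, ranged, or exactly pinned, which is the distinction the remediation in the table relies on.

```python
"""Lint a skill manifest for unpinned MCP dependencies.

Added example, not SkillShield's analyzer and not the ragic-automation skill's
own code. It assumes the manifest shape implied by the finding: a JSON object
whose "mcp" key lists dependency specifiers such as "rube", "rube@^1.0.0" or
"rube@1.4.2". The real manifest schema is not shown in the report.
"""
import json
import re
from dataclasses import dataclass
from typing import Optional

# "name" or "name@spec"; the spec is everything after the first "@".
_DEP_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)(?:@(?P<spec>.+))?$")
# An exact pin: plain semver, optionally prefixed with "=".
_EXACT_RE = re.compile(r"^=?\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")


@dataclass(frozen=True)
class DepFinding:
    name: str
    spec: Optional[str]
    severity: str  # "HIGH", "MEDIUM" or "OK"
    message: str


def classify_dependency(dep: str) -> DepFinding:
    """Grade one dependency specifier by how much version drift it permits."""
    m = _DEP_RE.match(dep.strip())
    if not m:
        return DepFinding(dep, None, "HIGH", "unparseable dependency specifier")
    name, spec = m.group("name"), m.group("spec")
    if spec is None or spec in ("*", "latest"):
        return DepFinding(name, spec, "HIGH",
                          "unpinned: whatever version is published at install time is used")
    if _EXACT_RE.match(spec):
        return DepFinding(name, spec, "OK", "pinned to an exact version")
    # ^, ~, >=, x-ranges: a range still adopts new releases inside it automatically.
    return DepFinding(name, spec, "MEDIUM",
                      "version range: a compromised release inside the range is still accepted")


def lint_manifest(manifest_json: str) -> list[DepFinding]:
    """Return one finding per entry in the manifest's "mcp" list."""
    manifest = json.loads(manifest_json)
    deps = manifest.get("mcp", [])
    if not isinstance(deps, list):
        raise ValueError('"mcp" must be a list of dependency specifiers')
    return [classify_dependency(d) for d in deps if isinstance(d, str)]


# Constructed sample manifests for the three cases; not taken from the repository.
UNPINNED_MANIFEST = '{"name": "ragic-automation", "mcp": ["rube"]}'
RANGED_MANIFEST = '{"name": "ragic-automation", "mcp": ["rube@^1.0.0"]}'
PINNED_MANIFEST = '{"name": "ragic-automation", "mcp": ["rube@1.4.2"]}'

if __name__ == "__main__":
    for label, text in (("unpinned", UNPINNED_MANIFEST),
                        ("ranged", RANGED_MANIFEST),
                        ("pinned", PINNED_MANIFEST)):
        for f in lint_manifest(text):
            print(f"{label:9s} {f.name}@{f.spec or '<none>'} -> {f.severity}: {f.message}")
```

Run it against a manifest before approving a skill; anything graded HIGH maps directly onto the first finding above, and MEDIUM flags the caret-range remediation the report itself suggests as still accepting new releases.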
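The remaining three findings share one remediation: the agent, not the remote MCP, decides which tools may be called and what leaves the process. The policy guard below is an added example, not the Rube MCP's code and not the ragic-automation skill's. It assumes a tool call is a dict `{"tool": <slug>, "arguments": {...}}`, that `RUBE_MULTI_EXECUTE_TOOL` takes a `tools` list of `{"tool_slug": ...}` items plus the `memory` object the report mentions, and it uses made-up `RAGIC_*` slugs; the real request schema is not shown in the report, and the sample call is constructed. It denies the open-ended execution and connection tools (findings 2 and 3), allows only an explicit list of Ragic operations (finding 3), and scrubs credential-like keys and PII-like values from `memory` before the call is forwarded (finding 4).

```python
"""Runtime policy guard for tool calls an agent sends to an MCP server.

Added example, not the Rube MCP's code and not the ragic-automation skill's.
It assumes a tool call is a dict {"tool": <slug>, "arguments": {...}}, that
RUBE_MULTI_EXECUTE_TOOL takes a "tools" list of {"tool_slug": ...} items plus
the "memory" object the report mentions, and uses made-up RAGIC_* slugs; the
real request schema is not shown in the report.
"""
import copy
import re

# Execution and credential-management primitives the skill does not need at
# runtime (findings 2 and 3).
DENIED_TOOLS = frozenset({"RUBE_REMOTE_WORKBENCH", "RUBE_MANAGE_CONNECTIONS"})

# Hypothetical Ragic operations the skill is allowed to execute (finding 3).
ALLOWED_TOOLS = frozenset({"RAGIC_LIST_RECORDS", "RAGIC_GET_RECORD", "RAGIC_CREATE_RECORD"})

# Memory keys dropped outright and value patterns masked (finding 4).
SENSITIVE_KEYS = re.compile(r"password|passwd|secret|token|api[_-]?key|authorization|session|cookie", re.I)
SENSITIVE_VALUES = (
    re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),                   # e-mail address
    re.compile(r"\b(?:\d[ -]?){13,19}\b"),                        # card-number-like digit run
    re.compile(r"\b(?:sk|ghp|xox[abp])[-_][A-Za-z0-9_-]{10,}\b"),  # API-key-like prefix
)


class PolicyViolation(Exception):
    """Raised when a tool call is outside the skill's permitted surface."""


def redact_memory(memory: dict) -> dict:
    """Return a copy of memory with sensitive keys removed and sensitive values masked."""
    clean = {}
    for key, value in memory.items():
        if SENSITIVE_KEYS.search(str(key)):
            continue  # never forward credential-like keys at all
        if isinstance(value, dict):
            clean[key] = redact_memory(value)
        elif isinstance(value, str):
            for pattern in SENSITIVE_VALUES:
                value = pattern.sub("[REDACTED]", value)
            clean[key] = value
        else:
            clean[key] = value
    return clean


def enforce_policy(call: dict) -> dict:
    """Validate one tool call and return a sanitized copy, or raise PolicyViolation."""
    tool = call.get("tool")
    if tool in DENIED_TOOLS:
        raise PolicyViolation(f"{tool} is denied by skill policy")
    if tool == "RUBE_MULTI_EXECUTE_TOOL":
        args = call.get("arguments", {})
        for sub in args.get("tools", []):
            slug = sub.get("tool_slug")
            if slug not in ALLOWED_TOOLS:
                raise PolicyViolation(f"{slug} is not in the Ragic allowlist")
        sanitized = copy.deepcopy(call)
        # Always send a memory object, as the skill requires, but only a scrubbed one.
        sanitized.setdefault("arguments", {})["memory"] = redact_memory(args.get("memory", {}))
        return sanitized
    if tool in ALLOWED_TOOLS:
        return copy.deepcopy(call)
    raise PolicyViolation(f"{tool!r} is not a permitted tool")


def is_permitted(call: dict) -> bool:
    """Convenience predicate for callers that only need a yes/no answer."""
    try:
        enforce_policy(call)
        return True
    except PolicyViolation:
        return False


# Constructed sample call; not captured from a real agent session.
SAMPLE_CALL = {
    "tool": "RUBE_MULTI_EXECUTE_TOOL",
    "arguments": {
        "tools": [{"tool_slug": "RAGIC_LIST_RECORDS", "arguments": {"sheet": "orders"}}],
        "memory": {
            "ragic_sheet": "orders",
            "api_key": "sk-live-abcdef1234567890",
            "notes": "contact alice@example.com about card 4111 1111 1111 1111",
            "scratch": "paste: sk-live-abcdef1234567890",
        },
    },
}

if __name__ == "__main__":
    print(enforce_policy(SAMPLE_CALL)["arguments"]["memory"])
    print(is_permitted({"tool": "RUBE_REMOTE_WORKBENCH", "arguments": {"code": "run_composio_tool(...)"}}))
```

The guard is deliberately deny-by-default: a tool discovered through `RUBE_SEARCH_TOOLS` is rejected unless someone adds it to `ALLOWED_TOOLS`, which is the least-privilege posture the third finding asks for. The redaction is a last line of defence, not a substitute for keeping secrets out of `memory` in the first place; pattern matching will miss data it has no pattern for.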
Full report: https://skillshield.io/report/d8d8065845131063