Security Audit
realphonevalidation-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
realphonevalidation-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill grants access to arbitrary Composio tools via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill grants access to arbitrary Composio tools via RUBE_REMOTE_WORKBENCH The skill is named 'realphonevalidation-automation' and its description states it automates 'Realphonevalidation tasks'. However, the 'Quick Reference' section in the documentation explicitly lists 'RUBE_REMOTE_WORKBENCH' with 'run_composio_tool()' as an available operation. This capability implies that the agent can execute arbitrary Composio tools, potentially granting access to functionalities and data beyond the intended scope of the 'realphonevalidation' toolkit. This broad access could lead to unauthorized actions if the agent is prompted to use this more general tool. Restrict the capabilities exposed by the skill to only those directly related to 'realphonevalidation'. If 'RUBE_REMOTE_WORKBENCH' is necessary, ensure it is strictly scoped to 'realphonevalidation' tools or remove its mention from this specific skill's documentation to prevent unintended broad access. | LLM | SKILL.md:77 |
Scan History
Embed Code
[](https://skillshield.io/report/c734e285161e0264)
Powered by SkillShield