Security Audit
respond-io-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
respond-io-automation received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Unversioned External MCP Dependency and Broad Tool Access to External Service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unversioned External MCP Dependency: The skill relies on the 'rube' MCP from an unversioned external endpoint (https://rube.app/mcp). This introduces a supply chain risk as changes to the Rube MCP service could impact the skill's functionality or security without explicit updates or version control within the skill package. If the external service is compromised or its behavior changes maliciously, the skill could be affected. If possible, specify a version or a more stable endpoint for the Rube MCP. Implement monitoring for changes to the external service or consider hosting a controlled version of the MCP if feasible. Clearly document the dependency and its implications. | Static | SKILL.md:1 |
| MEDIUM | Broad Tool Access to External Service: The skill is designed to automate Respond IO tasks by dynamically discovering and executing tools via `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. This grants the agent broad, unconstrained access to perform any operation available through the Respond IO toolkit via Rube. While this is the intended functionality for an automation skill, it means that a malicious or poorly constrained prompt could leverage this capability to perform unauthorized or harmful actions within Respond IO, as the skill itself does not impose granular restrictions on the scope of operations. Implement robust prompt engineering and agent guardrails to ensure that the agent's use of these powerful tools is always aligned with intended, authorized actions. Consider adding internal logic within the agent or skill to validate or restrict the types of `tool_slug` or `arguments` that can be executed based on the specific use case, if more granular control is desired. | Static | SKILL.md:56 |