Security Audit

retailed-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 99e2a2951545

TRUSTED

Scanned 6 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

retailed-automation received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.

SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill enables broad access to Retailed operations via Rube MCP.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

93%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
MEDIUM	Skill enables broad access to Retailed operations via Rube MCP The skill instructs the agent to use Rube MCP tools (`RUBE_MANAGE_CONNECTIONS`, `RUBE_MULTI_EXECUTE_TOOL`, `RUBE_REMOTE_WORKBENCH`) which provide broad capabilities. `RUBE_MANAGE_CONNECTIONS` allows managing connections to external services, potentially including sensitive authentication flows. `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` enable the execution of arbitrary Retailed operations discovered dynamically. If the agent is susceptible to prompt injection, an attacker could coerce the agent into performing unintended or malicious actions (e.g., data modification, deletion, or unauthorized access) through these powerful tools. The skill does not include internal safeguards or restrictions on the scope of operations. Implement stricter input validation and authorization checks within the agent's reasoning before calling Rube MCP tools. Consider adding explicit user confirmation steps for sensitive operations. The skill itself could be augmented with instructions for the agent to exercise caution or seek user approval for certain actions, or to limit the scope of `use_case` queries for `RUBE_SEARCH_TOOLS`.	LLM	SKILL.md:47

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/a66a6311c9248377.svg)](https://skillshield.io/report/a66a6311c9248377)