Security Audit
retently-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
retently-automation received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Potential Arbitrary Code/Tool Execution via RUBE_REMOTE_WORKBENCH" and "Unversioned External MCP Endpoint".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Arbitrary Code/Tool Execution via RUBE_REMOTE_WORKBENCH.** The skill mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` as an approach for 'Bulk ops'. A 'workbench' typically implies an environment where more powerful or arbitrary operations can be performed. If `run_composio_tool()` allows execution of arbitrary tools or code beyond the intended scope of Retently operations, or if its arguments can be manipulated for command injection, it poses a significant security risk. The skill does not provide an example of its usage, making it difficult to assess the exact exploit path, but the capability itself suggests excessive permissions and potential for command injection. **Recommendation:** Clarify the exact capabilities and limitations of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure it is strictly sandboxed and cannot execute arbitrary code or tools outside of a predefined, safe list. Provide examples of its intended use and security considerations. If not strictly necessary, consider removing this capability. | LLM | SKILL.md:60 |
| MEDIUM | **Unversioned External MCP Endpoint.** The skill relies on an external Rube MCP endpoint (`https://rube.app/mcp`) which is not versioned or pinned. This introduces a supply chain risk, as the behavior or security posture of the Rube MCP could change at any time without the skill developer's knowledge or control. A malicious update to the MCP could compromise the skill's operations or lead to data exfiltration/command injection. **Recommendation:** Implement version pinning or integrity checks for the Rube MCP endpoint. For example, specify a particular version of the MCP API or use a hash to verify the integrity of the MCP's configuration/schema. | LLM | SKILL.md:20 |