Security Audit
revolt-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
revolt-automation received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unpinned Rube MCP dependency, Hardcoded external MCP server endpoint, Potential for command injection or excessive permissions via Rube MCP tools.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned Rube MCP dependency.** The skill's manifest specifies a dependency on the 'rube' MCP without a version constraint. This allows any version of Rube to be used, including potentially vulnerable or malicious future versions, or versions with breaking changes, without explicit review. This introduces a significant supply chain risk. Recommendation: pin the Rube MCP dependency to a specific version or a narrow version range (e.g., `"rube": "1.2.3"` or `"rube": "~1.2.0"`) to ensure predictable and secure behavior. | LLM | Manifest |
| HIGH | **Hardcoded external MCP server endpoint.** The skill explicitly instructs users to configure `https://rube.app/mcp` as their MCP server. This introduces a critical single point of failure and supply chain risk. If `rube.app` is compromised, malicious tools or instructions could be served to all users of this skill, potentially leading to data exfiltration, command injection, or other severe security breaches. While direct control over `rube.app` is not possible, users should be made aware of this trust assumption. Recommendation: for critical applications, consider mechanisms to verify the integrity of the MCP server or the tools it provides (e.g., cryptographic signatures or hash verification). | LLM | SKILL.md:20 |
| MEDIUM | **Potential for command injection or excessive permissions via Rube MCP tools.** The skill leverages powerful Rube MCP tools such as `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` (which includes `run_composio_tool()`). These tools appear to offer broad execution capabilities. If the arguments passed to these tools are not rigorously validated by the Rube MCP, or if the underlying Rube tools themselves allow arbitrary code/command execution, this skill could be used as a vector for command injection or to perform actions with excessive permissions on the host system or connected services. `RUBE_REMOTE_WORKBENCH` in particular suggests a powerful, potentially unconstrained execution environment. Recommendation: document the security implications and exact capabilities of `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`, and emphasize the critical need for strict input validation and sanitization of all arguments passed to these Rube tools. The Rube MCP itself should implement robust sandboxing and least-privilege principles for its execution environment. | LLM | SKILL.md:57 |
Full report: https://skillshield.io/report/f2eda7dd8439a112 (powered by SkillShield)