Security Audit
ring_central-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
ring_central-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via RUBE_REMOTE_WORKBENCH The skill instructs the use of `RUBE_REMOTE_WORKBENCH` for 'bulk operations' and 'data processing' by executing `run_composio_tool()` in a loop with `ThreadPoolExecutor`. This pattern implies that user-provided or LLM-generated code will be executed within the `RUBE_REMOTE_WORKBENCH` environment. If this environment is not properly sandboxed, an attacker could inject arbitrary commands or code, leading to remote code execution, data exfiltration, or system compromise. Ensure the `RUBE_REMOTE_WORKBENCH` execution environment is strictly sandboxed, limiting access to the filesystem, network, and system commands. Provide clear guidelines on what kind of code can be executed and what security measures are in place. If the LLM is expected to generate this code, implement robust input validation and sanitization. | LLM | SKILL.md:91 |
Scan History
Embed Code
[](https://skillshield.io/report/a41c67ccf4cf530f)
Powered by SkillShield