Security Audit
rkvst-automation
Source: github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
rkvst-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unpinned Rube MCP dependency, Remote Workbench with potential for arbitrary code execution, Broad tool execution capabilities via RUBE_MULTI_EXECUTE_TOOL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (3)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Remote Workbench with potential for arbitrary code execution.** The skill mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'remote workbench' and the function `run_composio_tool()` strongly suggest the capability to execute arbitrary code or commands in a remote environment. If not rigorously sandboxed, isolated, and controlled, this could allow for command injection, data exfiltration, or other malicious activities by a compromised LLM or a malicious prompt. This grants extremely broad and potentially dangerous execution capabilities, posing a critical security risk. Recommendation: clarify the exact capabilities and security controls of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Implement strict sandboxing, input validation, and least-privilege principles for any code executed within the workbench. If arbitrary code execution is intended, ensure it is explicitly documented as such, and that the risks are fully understood and mitigated with robust security measures. Consider whether such a powerful tool is necessary for the skill's intended purpose, and whether a more constrained alternative could be used. | LLM | SKILL.md:79 |
| HIGH | **Unpinned Rube MCP dependency.** The skill manifest specifies a dependency on the 'rube' MCP without a version constraint. This means that any future changes to the 'rube' MCP, including breaking changes or the introduction of vulnerabilities, could automatically affect this skill without explicit review or update. This introduces a supply chain risk, as the skill's behavior and security posture depend on an unversioned external component. Recommendation: pin the 'rube' MCP dependency to a specific version or version range (e.g., `"rube@^1.0.0"`) to ensure stability and security. Regularly review and update the pinned version to incorporate necessary security patches and features. | LLM | SKILL.md:2 |
| HIGH | **Broad tool execution capabilities via RUBE_MULTI_EXECUTE_TOOL.** The skill instructs the LLM to use `RUBE_MULTI_EXECUTE_TOOL` to execute tools discovered via `RUBE_SEARCH_TOOLS`. This grants the LLM the ability to execute any tool available within the `rkvst` toolkit, with arguments provided by the LLM. While this is the core functionality, it represents a broad permission set. A malicious prompt could instruct the LLM to execute unintended or harmful operations if the underlying `rkvst` tools are not carefully designed with security in mind, or if the LLM is tricked into providing malicious arguments, potentially leading to data manipulation, unauthorized access, or denial of service. Recommendation: ensure that all tools exposed through `RUBE_MULTI_EXECUTE_TOOL` are designed with security in mind, implement robust input validation, and operate with the principle of least privilege. Consider implementing finer-grained access control if possible, limiting the specific tools an LLM can call based on context or user permissions, or requiring explicit user confirmation for sensitive operations. | LLM | SKILL.md:50 |
Full report: https://skillshield.io/report/374fc24621376550