Security Audit
rocketlane-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
rocketlane-automation received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Broad access to Rocketlane operations and potential for arbitrary Composio tool execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Broad access to Rocketlane operations and potential for arbitrary Composio tool execution The skill's documentation implies that it can automate a wide range of Rocketlane operations via `RUBE_MULTI_EXECUTE_TOOL` without specifying any scope limitations. While `RUBE_SEARCH_TOOLS` is recommended for discovering tools, the underlying tools could grant extensive access to sensitive project data and management functions within Rocketlane. Furthermore, the mention of `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops' suggests a capability to execute arbitrary Composio tools, which might extend beyond Rocketlane-specific functionalities and could grant very broad permissions if not properly constrained. This broad access increases the risk of unintended actions or data exposure if the skill is misused or if the LLM is prompted to perform unauthorized operations. Clearly define and limit the scope of Rocketlane operations the skill is intended to perform. If `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` can execute tools beyond Rocketlane, clarify its scope and ensure it's appropriately restricted for this skill's purpose. Implement least privilege principles by only granting the minimum necessary permissions for the skill's intended function. | LLM | SKILL.md:4 | |
| MEDIUM | Broad access to Rocketlane operations and potential for arbitrary Composio tool execution The skill's documentation implies that it can automate a wide range of Rocketlane operations via `RUBE_MULTI_EXECUTE_TOOL` without specifying any scope limitations. While `RUBE_SEARCH_TOOLS` is recommended for discovering tools, the underlying tools could grant extensive access to sensitive project data and management functions within Rocketlane. Furthermore, the mention of `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops' suggests a capability to execute arbitrary Composio tools, which might extend beyond Rocketlane-specific functionalities and could grant very broad permissions if not properly constrained. This broad access increases the risk of unintended actions or data exposure if the skill is misused or if the LLM is prompted to perform unauthorized operations. Clearly define and limit the scope of Rocketlane operations the skill is intended to perform. If `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` can execute tools beyond Rocketlane, clarify its scope and ensure it's appropriately restricted for this skill's purpose. Implement least privilege principles by only granting the minimum necessary permissions for the skill's intended function. | LLM | SKILL.md:69 |
Scan History
Embed Code
[](https://skillshield.io/report/8e7c1dc1b0171ce6)
Powered by SkillShield