Security Audit
rootly-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
rootly-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions: Broad Tool Execution via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Excessive Permissions: Broad Tool Execution via Rube MCP.** The skill instructs the LLM to use `RUBE_SEARCH_TOOLS` to dynamically discover any available Rootly operations and subsequently execute them via `RUBE_MULTI_EXECUTE_TOOL`. Additionally, it suggests using `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This grants the LLM excessively broad permissions, allowing it to perform any action supported by the Rootly toolkit through Rube MCP, and potentially arbitrary Composio operations via the workbench. The skill does not define or enforce any specific scope or restrictions on the types of operations the LLM can perform, relying entirely on the external Rube MCP system for access control. This broad access surface increases the risk of unauthorized actions, data exfiltration, or command injection if the LLM is compromised or misused, as it can invoke powerful, unconstrained operations. Implement fine-grained access control within the skill definition or the Rube MCP configuration to restrict the LLM's capabilities to only necessary Rootly operations (e.g., read-only, specific resource types). If `RUBE_REMOTE_WORKBENCH` is not strictly required, consider removing its mention or providing clear limitations and warnings on its use. Ensure that the Rube MCP system itself enforces robust authorization, input validation, and sandboxing for all executed tools to mitigate command injection and data exfiltration risks. | LLM | SKILL.md:50 |