Security Audit
safetyculture-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
safetyculture-automation received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings: the skill enables execution of arbitrary tools from an external MCP, and the dependency on the external Rube MCP introduces supply chain risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill enables execution of arbitrary tools from external MCP: The skill instructs the LLM to discover and execute tools provided by an external Rube MCP (`rube.app`) using `RUBE_SEARCH_TOOLS`, `RUBE_MULTI_EXECUTE_TOOL`, and `RUBE_REMOTE_WORKBENCH`. The skill does not define or restrict the scope of tools that can be discovered or executed. This allows the LLM to potentially execute any tool exposed by the Rube MCP, which could have broad permissions (e.g., filesystem access, network access, access to other sensitive APIs) if not properly constrained by the MCP itself or the LLM's internal safeguards. The `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` is particularly concerning as it implies a general-purpose execution capability. The skill should specify a whitelist or a more granular scope of allowed tool slugs/capabilities from the Rube MCP. Alternatively, the Rube MCP itself must enforce strict capability-based security and the LLM must be configured to only call specific, pre-approved tools. | LLM | SKILL.md:42 |
| HIGH | Dependency on external Rube MCP introduces supply chain risk: The skill explicitly depends on an external Rube MCP hosted at `https://rube.app/mcp`. The security and trustworthiness of this skill are directly tied to the security of `rube.app`. If `rube.app` were to be compromised or become malicious, it could serve harmful tool definitions via `RUBE_SEARCH_TOOLS`. The LLM, following the skill's instructions, would then be prompted to execute these potentially malicious tools via `RUBE_MULTI_EXECUTE_TOOL` or `RUBE_REMOTE_WORKBENCH`, leading to a supply chain attack. Implement strong vetting processes for external MCPs. Consider sandboxing the execution environment for tools provided by external MCPs. Regularly audit the external MCP for security vulnerabilities. If possible, host a trusted instance of the MCP or use a local, vetted version. | LLM | SKILL.md:10 |
Full report: https://skillshield.io/report/d817e931657c6e5b
Powered by SkillShield