Security Audit
salesforce-marketing-cloud-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
salesforce-marketing-cloud-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Unpinned third-party dependency" and "Potential for arbitrary code execution via RUBE_REMOTE_WORKBENCH".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential for arbitrary code execution via RUBE_REMOTE_WORKBENCH.** The `RUBE_REMOTE_WORKBENCH` tool, used with `run_composio_tool()`, is described as an approach for 'Bulk ops'. The term 'workbench' often implies a powerful, less constrained execution environment. Without clear documentation on its sandboxing, input validation, and allowed operations, this tool presents a critical risk for arbitrary code execution, command injection, and data exfiltration. An attacker could potentially craft inputs to `run_composio_tool()` to execute malicious commands on the host system or exfiltrate sensitive data. Provide detailed security documentation for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`, including sandboxing mechanisms, allowed operations, input validation, and any restrictions. If arbitrary code execution is intended, clearly state the security implications and provide strong isolation. Consider if this level of access is truly necessary for the skill's stated purpose. | LLM | SKILL.md:80 |
| HIGH | **Unpinned third-party dependency.** The skill manifest specifies a dependency on 'rube' without a version constraint. This means that any future updates to 'rube' could be automatically pulled, potentially introducing breaking changes or malicious code without explicit review. This poses a supply chain risk. Pin the dependency to a specific version or version range (e.g., `{"mcp": ["rube==1.2.3"]}` or `{"mcp": ["rube>=1.0.0,<2.0.0"]}`) to ensure stability and security. | LLM | Manifest:1 |