Security Audit
sap-successfactors-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
sap-successfactors-automation received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Unpinned Rube MCP dependency" and "Skill enables broad access to critical business system".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill enables broad access to critical business system.** The skill is designed to automate a wide range of operations within SAP SuccessFactors, a critical enterprise resource planning (ERP) system. It leverages tools like `RUBE_SEARCH_TOOLS`, `RUBE_MULTI_EXECUTE_TOOL`, and `RUBE_REMOTE_WORKBENCH` which, in combination, allow the LLM to discover and execute a broad spectrum of actions within SAP SuccessFactors. While this is the intended functionality, it means that if the LLM is compromised (e.g., via prompt injection), it could be instructed to perform unauthorized or malicious operations within SAP SuccessFactors, potentially leading to significant data manipulation, exfiltration, or service disruption. The skill itself does not define granular permissions, relying instead on the scope of the underlying Composio connection. **Remediation:** Implement robust access controls and monitoring on the Composio/Rube platform for the SAP SuccessFactors connection, ensuring the connection's permissions are limited to the absolute minimum required for the intended use cases. The LLM's environment should have strong prompt injection defenses. Consider implementing human-in-the-loop approvals for sensitive SAP SuccessFactors operations initiated by the LLM. | Static | SKILL.md:1 |
| MEDIUM | **Unpinned Rube MCP dependency.** The skill's manifest specifies a dependency on the 'rube' MCP without a version constraint. This means the skill will always use the latest available version of Rube MCP. While this can provide access to the newest features, it also introduces a supply chain risk as new versions could introduce breaking changes, unexpected behavior, or even vulnerabilities without explicit review or testing against a pinned version. This lack of pinning can lead to instability or security regressions. **Remediation:** Pin the Rube MCP dependency to a specific stable version or version range in the manifest to ensure consistent and predictable behavior. For example, `"mcp": ["rube@1.2.3"]` or `"mcp": ["rube@^1.0.0"]`. | Static | SKILL.md |