Security Audit
scrape-do-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
scrape-do-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include: "`RUBE_REMOTE_WORKBENCH` grants excessive execution capabilities", "User-controlled input to Rube MCP tools is vulnerable to prompt injection", and "Potential for data exfiltration via powerful Rube tools".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | `RUBE_REMOTE_WORKBENCH` grants excessive execution capabilities. The skill exposes `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for "Bulk ops". This tool name and description strongly suggest the ability to execute arbitrary code or highly privileged operations within the Composio ecosystem. This grants the LLM excessive permissions, potentially leading to arbitrary command execution, system compromise, or data manipulation beyond the intended scope of "Scrape Do operations". Restrict or remove access to `RUBE_REMOTE_WORKBENCH` if its capabilities are not strictly necessary and fully sandboxed. If required, ensure `run_composio_tool()` is heavily restricted, only allowing a predefined set of safe operations, and that all inputs are rigorously validated and sanitized to prevent command injection. | LLM | SKILL.md:69 |
| HIGH | User-controlled input to Rube MCP tools is vulnerable to prompt injection. The skill instructs the LLM to populate `use_case` for `RUBE_SEARCH_TOOLS` and `arguments` for `RUBE_MULTI_EXECUTE_TOOL` based on user requests. If the Rube MCP system or the underlying `scrape_do` tools do not adequately sanitize or validate these inputs, a malicious user prompt could inject unintended instructions or data, potentially manipulating tool behavior, accessing unauthorized resources, or causing denial of service. Implement robust input validation and sanitization for all user-controlled fields passed to Rube MCP tools, especially `use_case` and tool `arguments`. Consider using allow-lists for expected values and strictly enforcing schema compliance. The Rube MCP system should also employ strong sandboxing and least privilege principles for tool execution. | LLM | SKILL.md:45 |
| HIGH | Potential for data exfiltration via powerful Rube tools. The `RUBE_REMOTE_WORKBENCH` tool, if it allows arbitrary code execution (as suggested by `run_composio_tool()`), could be leveraged by a malicious prompt to read sensitive files, access network resources, or transmit data to an attacker-controlled endpoint. Furthermore, if any `scrape_do` tools accessible via `RUBE_MULTI_EXECUTE_TOOL` have file system access or network capabilities and accept user-controlled arguments, they could also be exploited for data exfiltration. Ensure that `RUBE_REMOTE_WORKBENCH` and all `scrape_do` tools operate within a strictly sandboxed environment with minimal necessary permissions. Restrict network access to only approved endpoints and prevent file system access unless explicitly required and secured. Implement data loss prevention (DLP) mechanisms where sensitive data might be processed. | LLM | SKILL.md:69 |
| MEDIUM | Unpinned dependency in manifest. The `mcp` dependency `rube` is specified without a version constraint in the manifest. This means that any future version of the `rube` MCP could be used, potentially introducing breaking changes, vulnerabilities, or unexpected behavior without explicit review or testing. Pin the `rube` dependency to a specific, known-good version (e.g., `{"mcp": ["rube==1.2.3"]}`) to ensure deterministic builds and prevent unexpected updates. Regularly review and update dependencies to benefit from security patches. | LLM | SKILL.md:4 |