Security Audit
scrapfly-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
scrapfly-automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Unpinned dependency on Rube MCP" and "Dynamic tool execution increases prompt injection surface".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Dynamic tool execution increases prompt injection surface.** The skill explicitly guides the agent to dynamically discover and execute tools using `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. The `queries` parameter for `RUBE_SEARCH_TOOLS` and the `tool_slug`/`arguments` for `RUBE_MULTI_EXECUTE_TOOL` are intended to be derived from the agent's understanding of the task. If an attacker can manipulate the agent's input (e.g., via prompt injection) to control these parameters, they could potentially cause the agent to discover and execute unintended tools or perform arbitrary actions available through the Rube MCP system, beyond the intended Scrapfly operations. This design, while flexible, broadens the attack surface for prompt injection. Implement strict input validation and sanitization for any agent-provided parameters used in `RUBE_SEARCH_TOOLS` queries or `RUBE_MULTI_EXECUTE_TOOL` arguments. Consider whitelisting allowed `use_case` values or `tool_slug`s if the skill's scope is meant to be limited. Ensure the agent's internal logic robustly verifies the intent before executing dynamically discovered tools, confirming that the discovered tool and its arguments align with the user's explicit request and the skill's intended purpose. | LLM | SKILL.md:35 |
| MEDIUM | **Unpinned dependency on Rube MCP.** The skill's manifest specifies a dependency on 'rube' within the 'mcp' category without a specific version or constraint. This means the skill will always use the latest version of Rube MCP, which could introduce breaking changes or security vulnerabilities if a malicious or buggy update is pushed to the Rube MCP system. Without version pinning, the skill's behavior is not guaranteed to be stable or secure over time. Specify a version constraint for the `rube` dependency in the manifest (e.g., `{"mcp": ["rube@^1.0.0"]}`) to ensure stability and prevent unexpected behavior from future updates. Regularly review and update dependencies. | LLM | SKILL.md (manifest) |