Security Audit
scrapingant-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
scrapingant-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Arbitrary Composio Tool Execution via RUBE_REMOTE_WORKBENCH, Broad Tool Execution Scope via Dynamic Discovery, and Agent Involvement in Connection and Authentication Management.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary Composio Tool Execution via RUBE_REMOTE_WORKBENCH | LLM | SKILL.md:90 |
| HIGH | Broad Tool Execution Scope via Dynamic Discovery | LLM | SKILL.md:39 |
| LOW | Agent Involvement in Connection and Authentication Management | LLM | SKILL.md:28 |

CRITICAL: Arbitrary Composio Tool Execution via RUBE_REMOTE_WORKBENCH (LLM layer, SKILL.md:90)

The skill instructs the agent to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. If this function is exposed to untrusted input (e.g., through a prompt or a compromised `RUBE_SEARCH_TOOLS` response), it could allow an attacker to execute arbitrary Composio tools with arbitrary arguments. This constitutes a command injection vulnerability, potentially leading to unintended actions, data manipulation, or even system compromise, depending on the capabilities of the available Composio tools.

Remediation: Implement strict allowlisting or validation for the tool names and arguments that can be passed to `run_composio_tool()` via `RUBE_REMOTE_WORKBENCH`. Ensure the agent cannot be prompted to execute arbitrary tools or supply malicious arguments. Restrict the scope of tools accessible through this mechanism to only those that are absolutely necessary and thoroughly vetted.

HIGH: Broad Tool Execution Scope via Dynamic Discovery (LLM layer, SKILL.md:39)

The skill guides the agent to dynamically discover and execute tools using `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. While the stated intent is 'Scrapingant operations', the `use_case` parameter of `RUBE_SEARCH_TOOLS` is open to interpretation and could be manipulated by an attacker via prompt injection. This could lead the agent to discover and execute tools outside the intended Scrapingant scope, potentially performing unintended actions or accessing unauthorized data if other Composio tools with broader permissions are available.

Remediation: Implement strict allowlisting or validation on the `use_case` parameter for `RUBE_SEARCH_TOOLS` so that only Scrapingant-related queries are processed. Alternatively, restrict the set of tools that `RUBE_MULTI_EXECUTE_TOOL` is allowed to execute, regardless of what `RUBE_SEARCH_TOOLS` returns.

LOW: Agent Involvement in Connection and Authentication Management (LLM layer, SKILL.md:28)

The skill instructs the agent to use `RUBE_MANAGE_CONNECTIONS` and to 'follow the returned auth link to complete setup'. While the skill itself does not explicitly handle credentials, involving the agent in connection setup and authentication flows introduces a potential attack surface. An attacker might attempt to prompt the agent to extract sensitive information from authentication responses or connection statuses if the underlying Rube MCP exposes such details to the agent.

Remediation: Ensure that the Rube MCP does not expose sensitive credential information to the agent through `RUBE_MANAGE_CONNECTIONS` responses. Implement strict filtering or redaction of sensitive data before it reaches the agent. Train the agent not to interpret, store, or transmit sensitive information from such interactions.
Full report: https://skillshield.io/report/c53c6d54a2d5e42b