Security Audit
seismic-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
seismic-automation received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Broad, dynamic tool execution via Rube MCP", "Exposure of authentication links during connection setup", and "Reliance on unpinned external Rube MCP service".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Broad, dynamic tool execution via Rube MCP.** The skill instructs the LLM to dynamically discover and execute any tool provided by the Rube MCP for the 'seismic' toolkit using `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. This grants the LLM broad, unconstrained access to perform any operation exposed by the external Seismic toolkit, without explicit enumeration or restriction within the skill definition. This could lead to unauthorized data access, modification, or deletion if the LLM is prompted maliciously or misinterprets instructions, as the scope of 'Seismic operations' is not defined within the skill itself. Implement a more granular permission model for the LLM's tool access. Instead of dynamic discovery and execution of *any* tool, explicitly list allowed tool slugs and their argument schemas within the skill definition. Alternatively, ensure the Rube MCP itself enforces strict, least-privilege access controls based on the LLM's context or user identity. | LLM | SKILL.md:47 |
| MEDIUM | **Exposure of authentication links during connection setup.** The skill instructs the LLM to call `RUBE_MANAGE_CONNECTIONS` and 'follow the returned auth link to complete setup' for the Seismic toolkit. This means the LLM will process and potentially output sensitive authentication URLs or tokens. If the LLM's internal state, logs, or output are not adequately secured, these credentials could be exposed, leading to unauthorized access to the Seismic account. Ensure that the LLM environment is configured to prevent logging or outputting sensitive authentication links or tokens. Implement secure handling mechanisms for OAuth flows or API key provisioning that do not expose raw credentials to the LLM's accessible context. Consider using a secure credential manager or a human-in-the-loop approval process for initial connection setup. | LLM | SKILL.md:26 |
| MEDIUM | **Reliance on unpinned external Rube MCP service.** The skill relies on an external Rube MCP service at `https://rube.app/mcp` for all its functionality. There is no version pinning or integrity checking for the MCP itself or the 'seismic' toolkit it provides. This introduces a supply chain risk, as a compromise or malicious update to the `rube.app/mcp` service could directly impact the security and behavior of this skill without any explicit change to the skill's definition. While dynamic MCPs inherently involve external dependencies, consider mechanisms to mitigate this risk. This could include: (1) Implementing integrity checks or cryptographic signatures for tool schemas and code provided by the MCP. (2) Using a trusted, curated list of MCP endpoints. (3) Sandboxing the execution environment for tools fetched from the MCP. (4) If possible, specify a version or hash for the MCP endpoint or toolkit to ensure deterministic behavior. | LLM | SKILL.md:21 |