Security Audit
semanticscholar-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
semanticscholar-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is broad access to Semanticscholar operations via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Broad access to Semanticscholar operations via Rube MCP. The skill provides instructions for using `RUBE_SEARCH_TOOLS` to discover all available Semanticscholar operations and `RUBE_MULTI_EXECUTE_TOOL` to execute any of them. It also mentions `RUBE_REMOTE_WORKBENCH` for 'Bulk ops'. This grants the LLM broad, unconstrained access to perform any action supported by the Semanticscholar toolkit through the Rube MCP. Depending on the specific tools exposed by the Semanticscholar toolkit, this could include sensitive data access, modification, or deletion, without explicit constraints defined within the skill itself. Implement fine-grained access control within the Rube MCP or the underlying Semanticscholar toolkit to restrict the specific operations an LLM can perform. The LLM orchestrator should carefully review and constrain the LLM's ability to call these broad tools, ensuring it only performs actions necessary for its intended function. | LLM | SKILL.md:49 |