Security Audit
sensibo-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
sensibo-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is that the skill provides access to generic tool execution beyond its stated scope.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Skill provides access to generic tool execution beyond stated scope. The 'sensibo-automation' skill, intended for Sensibo tasks, exposes `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`. If `run_composio_tool()` can execute any Composio tool (not just Sensibo-specific ones), this grants the agent access to a broader range of functionalities than implied by the skill's name and description. This could allow an agent to interact with other connected services via Composio, exceeding the intended scope of 'sensibo-automation'. Clarify the scope of `run_composio_tool()` when used within this skill. If it is intended to be generic, consider renaming the skill to reflect its broader capabilities or explicitly restrict `run_composio_tool()` to Sensibo-specific operations within this skill's context. | LLM | SKILL.md:60 |