Security Audit
seqera-automation
Source: github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
seqera-automation received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Remote Code Execution via RUBE_REMOTE_WORKBENCH, Exposure of sensitive data through Rube MCP tools, Uncontrolled external dependency on rube.app/mcp.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100; all three findings below were raised by that layer.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Remote Code Execution via RUBE_REMOTE_WORKBENCH.** The skill suggests using `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for "Bulk ops". The term "remote workbench" and the function `run_composio_tool()` strongly imply the ability to execute arbitrary code or commands in a remote environment. If an attacker can manipulate the input to this tool, they could achieve remote code execution, compromising the environment where the workbench operates or the data it can access. *Recommendation:* clarify the exact capabilities and security model of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`; implement strict input validation and sandboxing for any code or commands executed through this tool; if it allows arbitrary code, restrict or remove it. | LLM Behavioral Safety | SKILL.md:68 |
| HIGH | **Uncontrolled external dependency on rube.app/mcp.** The skill is entirely dependent on the external `Rube MCP` service hosted at `https://rube.app/mcp`. No mechanism is described to verify the integrity or version of this external service. A compromise of `rube.app`, or of the `Composio` toolkits it provides, could directly affect the security of this skill and any systems it interacts with, without the user being able to detect or mitigate it. This is a significant supply chain risk. *Recommendation:* implement mechanisms to verify the integrity and authenticity of the `Rube MCP` service and its toolkits (e.g., cryptographic signatures, version pinning, a trusted registry); provide guidance on how users can assess the security of `rube.app` before integrating it; consider self-hosting or sandboxing the MCP interaction where possible. | LLM Behavioral Safety | SKILL.md:19 |
| MEDIUM | **Exposure of sensitive data through Rube MCP tools.** The skill instructs the LLM to use `RUBE_MANAGE_CONNECTIONS` for Seqera authentication and `RUBE_MULTI_EXECUTE_TOOL` with `arguments` and `memory` parameters. The skill itself does not directly exfiltrate data, but it relies on external tools that handle sensitive information (credentials, operational data). If the underlying `Rube MCP` or `seqera` toolkit has vulnerabilities, or if the LLM is prompted to pass sensitive data to these tools without sanitization or scope limitation, user data or credentials could be exposed or exfiltrated. *Recommendation:* enforce strict input validation and sanitization for all arguments passed to `RUBE_MANAGE_CONNECTIONS` and `RUBE_MULTI_EXECUTE_TOOL`; provide clear guidelines on what kind of data should *not* be passed to these tools; ensure the underlying `Rube MCP` and `seqera` toolkit implementations follow security best practices for data handling and credential management. | LLM Behavioral Safety | SKILL.md:30 |
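The three recommendations above (pin and verify the remote MCP server, restrict the code-execution tool, keep credentials out of tool arguments) can all be enforced on the client side before a call leaves the skill. The following Python is an added example, not code from the seqera-automation skill, SkillShield or Composio. It assumes the client already holds the server's `tools/list` response as a list of MCP tool objects (`name`, `description`, `inputSchema`); the descriptions and schemas in `PINNED_MANIFEST` are constructed stand-ins, not the real definitions served by rube.app/mcp, and the credential heuristics (`KEY_PATTERN`, `VALUE_PATTERNS`) are illustrative.

```python
"""Client-side policy gate for a skill calling tools on a remote MCP server.

Added example (not the skill's, SkillShield's or Composio's code). Covers:
  1. pinning the server's tools/list manifest by hash, so a changed tool
     description or schema on the remote side is detected (supply chain);
  2. allowlisting the tools the skill may call, with code-execution tools
     such as RUBE_REMOTE_WORKBENCH off unless explicitly enabled (RCE);
  3. refusing to forward credential-looking material in arguments (exposure).
"""
import hashlib
import json
import re
from dataclasses import dataclass

# Constructed manifest in MCP tools/list shape. Tool names are the ones the
# findings cite; descriptions and schemas are hypothetical placeholders.
PINNED_MANIFEST = [
    {"name": "RUBE_MANAGE_CONNECTIONS",
     "description": "Create or check a toolkit connection.",
     "inputSchema": {"type": "object",
                     "properties": {"toolkit": {"type": "string"}}}},
    {"name": "RUBE_MULTI_EXECUTE_TOOL",
     "description": "Execute toolkit tools with arguments and memory.",
     "inputSchema": {"type": "object",
                     "properties": {"arguments": {"type": "object"},
                                    "memory": {"type": "object"}}}},
    {"name": "RUBE_REMOTE_WORKBENCH",
     "description": "Run bulk operations in a remote workbench.",
     "inputSchema": {"type": "object",
                     "properties": {"code": {"type": "string"}}}},
]


def manifest_digest(tools):
    """SHA-256 over a canonical encoding (sorted by name, sorted keys, no
    whitespace), so only a real change to a definition changes the digest."""
    canon = json.dumps(sorted(tools, key=lambda t: t["name"]),
                       sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


PINNED_DIGEST = manifest_digest(PINNED_MANIFEST)  # recorded at review time


def verify_manifest(live_tools, pinned_digest=PINNED_DIGEST):
    """Fail closed on any drift between the live tools/list and the pin."""
    live = manifest_digest(live_tools)
    if live != pinned_digest:
        return False, f"manifest drift: pinned {pinned_digest[:12]}, live {live[:12]}"
    return True, "manifest matches pin"


# Illustrative heuristics for credential-like keys and values.
KEY_PATTERN = re.compile(r"(?i)(api[_-]?key|token|password|passwd|secret|credential)")
VALUE_PATTERNS = [
    re.compile(r"(?i)\b(api[_-]?key|token|password|secret|bearer)\b[\s:=]+\S{8,}"),
    re.compile(r"^eyJ[\w-]+\.[\w-]+\.[\w-]+$"),   # JWT
    re.compile(r"^[\w-]{32,}$"),                 # long opaque token or key
]


def find_secrets(value, path=""):
    """Return (path, string) pairs in a JSON-like argument tree that look like
    credentials, checking dict keys as well as string values."""
    hits = []
    if isinstance(value, dict):
        for k, v in value.items():
            if KEY_PATTERN.search(str(k)):
                hits.append((f"{path}/{k}", "<key name>"))
            hits.extend(find_secrets(v, f"{path}/{k}"))
    elif isinstance(value, list):
        for i, v in enumerate(value):
            hits.extend(find_secrets(v, f"{path}/{i}"))
    elif isinstance(value, str) and any(p.search(value) for p in VALUE_PATTERNS):
        hits.append((path, value))
    return hits


@dataclass(frozen=True)
class Policy:
    allowed_tools: frozenset = frozenset({"RUBE_MANAGE_CONNECTIONS",
                                          "RUBE_MULTI_EXECUTE_TOOL"})
    code_exec_tools: frozenset = frozenset({"RUBE_REMOTE_WORKBENCH"})
    allow_code_exec: bool = False  # enable only with a sandbox around the tool


def gate_call(tool_name, arguments, live_tools, policy=Policy()):
    """Decide whether the skill may forward this call: returns (allowed, reason)."""
    ok, detail = verify_manifest(live_tools)
    if not ok:
        return False, detail
    if tool_name in policy.code_exec_tools:
        if not policy.allow_code_exec:
            return False, f"{tool_name} executes code remotely and is disabled by policy"
    elif tool_name not in policy.allowed_tools:
        return False, f"{tool_name} is not on the skill's allowlist"
    secrets = find_secrets(arguments)
    if secrets:
        return False, "credential-like data in arguments at " + ", ".join(p for p, _ in secrets)
    return True, "allowed"


if __name__ == "__main__":
    print(gate_call("RUBE_MULTI_EXECUTE_TOOL", {"arguments": {"workspaceId": "12345"}}, PINNED_MANIFEST))
    print(gate_call("RUBE_REMOTE_WORKBENCH", {"code": "ls"}, PINNED_MANIFEST))
```

Take the pin by running `manifest_digest()` over the server's `tools/list` response at the time the skill is reviewed, and compare on every session before the first call. Treat drift as a reason to stop rather than to re-pin automatically: a silently changed tool description is exactly how a poisoned tool reaches the model. Credentials for Seqera should be established through the connection flow out of band, not placed into tool arguments from the model's context, which is why the gate rejects them rather than sanitizing them.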
Report: https://skillshield.io/report/a924618ec1ff585c