Security Audit
servicem8-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
servicem8-automation received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH, Broad Access to Servicem8 Operations, Unpinned External MCP Endpoint.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH.** The skill mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'workbench' and 'run_composio_tool()' often imply the ability to execute arbitrary code or scripts in a remote environment. Without clear limitations or sandboxing, this could allow an attacker to inject commands, read sensitive files, or exfiltrate data from the environment where the Rube MCP operates. This poses a significant command injection and data exfiltration risk. Recommendation: clarify the capabilities and security boundaries of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure it operates within a strictly sandboxed environment with minimal permissions, or remove its availability if not strictly necessary. Provide examples of safe usage and explicitly state what it *cannot* do. | LLM | SKILL.md:63 |
| MEDIUM | **Broad Access to Servicem8 Operations.** The skill allows the LLM to perform 'Servicem8 operations' via `RUBE_MULTI_EXECUTE_TOOL`. Servicem8 is a business-critical application handling sensitive customer data, financial information, and operational details. The skill does not specify any granular permissions or restrictions on which Servicem8 operations can be performed. This broad access could lead to unauthorized data modification, retrieval, or deletion if the LLM is compromised or misused, violating the principle of least privilege. Recommendation: implement granular access control for Servicem8 tools. Specify the exact Servicem8 APIs or functionalities that the skill is authorized to access. Ensure the LLM's access is limited to the principle of least privilege. | LLM | SKILL.md:40 |
| MEDIUM | **Unpinned External MCP Endpoint.** The skill relies on an external MCP server at `https://rube.app/mcp`. While the endpoint is specified, there is no version pinning or cryptographic verification mechanism for the MCP server itself. A compromise of the `rube.app` domain, its DNS, or the server infrastructure could result in the LLM connecting to a malicious MCP, which could then serve compromised tools, exfiltrate data, or execute arbitrary commands, posing a significant supply chain risk. Recommendation: implement mechanisms for verifying the integrity and authenticity of the Rube MCP server, such as cryptographic signatures or version pinning. Consider using a private or self-hosted MCP if the risk is unacceptable. | LLM | SKILL.md:20 |
[Full report](https://skillshield.io/report/f77eea165837c83d)
Powered by SkillShield