Security Audit

sevdesk-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 99e2a2951545

100

TRUSTED

Scanned 4 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

sevdesk-automation received a trust score of 100/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.

SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 0 low severity. Key findings include Broad access to external API operations.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
INFO	Broad access to external API operations The skill instructs the agent to use `RUBE_SEARCH_TOOLS` to dynamically discover all available Sevdesk operations and subsequently `RUBE_MULTI_EXECUTE_TOOL` to execute them. This grants the agent broad, dynamic access to the full range of functionalities exposed by the Sevdesk API via the Rube MCP. While this is the intended purpose of an automation skill, it means the agent can perform any action permitted by the connected Sevdesk account, which could include sensitive operations like creating/deleting invoices, managing clients, or accessing financial data. Users should be aware of the extensive capabilities granted to the agent when enabling this skill. Ensure that the Sevdesk account connected to Rube MCP adheres to the principle of least privilege, granting only the necessary permissions for the intended automation tasks. Implement robust monitoring and auditing of agent actions. If possible, consider adding more granular control or user confirmation steps for highly sensitive operations, if the underlying Rube tools or platform support such features.	LLM	SKILL.md:60

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/792d95a0d3b93be5.svg)](https://skillshield.io/report/792d95a0d3b93be5)