Security Audit
shipengine-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
shipengine-automation received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include "Broad access to Shipengine API operations via RUBE_MULTI_EXECUTE_TOOL", "Vague and potentially broad execution capabilities via RUBE_REMOTE_WORKBENCH", and "Reliance on external Rube MCP introduces supply chain risk".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Vague and potentially broad execution capabilities via RUBE_REMOTE_WORKBENCH: The skill mentions `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' using `run_composio_tool()`. The term 'workbench' often implies a powerful, less constrained execution environment. If `run_composio_tool()` can execute arbitrary Composio tools beyond the Shipengine toolkit, or allows for complex scripting, this could grant the AI agent excessive and potentially unintended permissions, leading to a wider attack surface. The lack of specific details about `RUBE_REMOTE_WORKBENCH`'s exact capabilities and scope makes it a significant unknown risk. Provide clear and detailed documentation on the exact scope, limitations, and security implications of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If it allows execution of tools outside the Shipengine toolkit, this should be explicitly stated and justified, or its use should be restricted. Implement strong access controls and monitoring for any actions performed via this tool. | LLM | SKILL.md:70 |
| MEDIUM | Broad access to Shipengine API operations via RUBE_MULTI_EXECUTE_TOOL: The skill documentation describes `RUBE_MULTI_EXECUTE_TOOL` which allows the execution of any discovered Shipengine tool. This grants the AI agent broad capabilities to perform various operations on the user's Shipengine account, including potentially sensitive actions like creating shipments, managing carriers, or accessing customer data. While this is the intended functionality of an automation skill, it represents a significant permission scope. If the AI agent is not properly constrained, it could perform unintended or unauthorized actions on the Shipengine account, limited only by the underlying Shipengine API permissions. Implement strict guardrails and user confirmation for sensitive Shipengine operations. Ensure the LLM's access to this tool is limited to specific, pre-approved use cases. Consider implementing more granular permissions within the Rube MCP if possible to restrict the scope of tools available to the agent. | LLM | SKILL.md:49 |
| LOW | Reliance on external Rube MCP introduces supply chain risk: The skill explicitly depends on the Rube MCP (`https://rube.app/mcp`) for all its functionality, as declared in the manifest and body. While this is a standard dependency for Composio skills, it introduces a supply chain risk. A compromise of the Rube MCP service or its infrastructure could potentially lead to unauthorized access, data manipulation, or exfiltration through the tools exposed by the MCP. The skill itself does not mitigate this external dependency risk, requiring trust in the third-party provider. Users should be aware of the trust placed in `rube.app` as a critical external dependency. Implement robust monitoring of API calls made through the MCP. For highly sensitive operations, consider evaluating the security posture of the MCP provider or exploring options for private/self-hosted MCP instances if available. | LLM | SKILL.md:1 |