Security Audit
sidetracker-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
sidetracker-automation received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include: unpinned dependency on Rube MCP; broad remote execution capabilities via RUBE_REMOTE_WORKBENCH; management of sensitive connections via RUBE_MANAGE_CONNECTIONS.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Unpinned dependency on Rube MCP | The skill relies on the Rube MCP at `https://rube.app/mcp` without specifying a version. Any change introduced by the Rube MCP provider, including malicious updates or vulnerabilities, would automatically affect this skill without explicit review or update by the skill developer. This poses a significant supply chain risk, as the MCP is responsible for executing tools and managing sensitive connections. | Implement version pinning or a mechanism to validate the Rube MCP version or capabilities before use. For external services, this might involve cryptographic verification of the endpoint or a specific API version. | LLM | SKILL.md:1 |
| HIGH | Broad remote execution capabilities via RUBE_REMOTE_WORKBENCH | The skill exposes the `RUBE_REMOTE_WORKBENCH` tool, which allows 'Bulk ops' and `run_composio_tool()`. This grants very broad permissions to execute arbitrary Composio tools or operations on the remote Rube MCP. If an attacker can manipulate the arguments passed to `run_composio_tool()` via prompt injection to the LLM, they could potentially execute unauthorized commands, exfiltrate data, or perform destructive actions on the Sidetracker system or other systems accessible to the Rube MCP. This is a powerful primitive that could be abused. | Restrict the capabilities of `RUBE_REMOTE_WORKBENCH` to a predefined set of safe operations or specific tool calls. Implement strict input validation and sanitization for any arguments passed to `run_composio_tool()` to prevent arbitrary command execution. Consider whether this broad tool is truly necessary for the skill's intended purpose. | LLM | SKILL.md:80 |
| MEDIUM | Management of sensitive connections via RUBE_MANAGE_CONNECTIONS | The skill instructs the LLM to use `RUBE_MANAGE_CONNECTIONS` to establish and verify connections to Sidetracker, including following 'auth links'. While necessary for functionality, this tool handles sensitive connection details and authentication flows. If the Rube MCP is compromised, or if the `RUBE_MANAGE_CONNECTIONS` tool itself has vulnerabilities, it could lead to the exposure or harvesting of Sidetracker credentials or unauthorized access to the Sidetracker system. The skill acts as a conduit for these sensitive operations. | Ensure that the Rube MCP and its `RUBE_MANAGE_CONNECTIONS` tool adhere to strong security practices for handling credentials. Implement robust logging and monitoring for connection management activities. Consider whether the skill needs to expose the full `RUBE_MANAGE_CONNECTIONS` functionality or if a more restricted interface could be used. | LLM | SKILL.md:24 |
Full report: https://skillshield.io/report/706eef6dcf6c61ed (powered by SkillShield)