Security Audit
signpath-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
signpath-automation received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Unpinned dependency on Rube MCP" and "`RUBE_REMOTE_WORKBENCH` allows arbitrary `run_composio_tool()` calls".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned dependency on Rube MCP: The skill explicitly depends on the 'rube' MCP, as indicated in the manifest's `requires` field and the skill's instructions to connect to `https://rube.app/mcp`. There is no version pinning or integrity checking mechanism specified for the Rube MCP or the tools it provides. This makes the skill vulnerable to supply chain attacks if the `rube.app` service is compromised or if malicious tools are introduced into the Rube ecosystem. The skill's behavior and security are entirely dependent on the integrity of this external service. Recommendation: Implement version pinning or integrity checks for the Rube MCP and its tools. Consider sandboxing the execution environment for tools sourced from external MCPs to mitigate risks from compromised dependencies. | Static | SKILL.md:1 |
| HIGH | `RUBE_REMOTE_WORKBENCH` allows arbitrary `run_composio_tool()` calls: The skill documentation explicitly lists `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` as an approach for 'Bulk ops'. This suggests that the `RUBE_REMOTE_WORKBENCH` tool, when invoked, can execute arbitrary `composio_tool()` functions. If `run_composio_tool()` allows for execution of any discovered tool or even arbitrary code within the Rube environment, it represents a significant security risk. An attacker could potentially craft inputs to `RUBE_REMOTE_WORKBENCH` to execute malicious tools or operations with the permissions of the agent. The scope and safety of `run_composio_tool()` are not defined, making this a black box with potentially excessive power. Recommendation: Clarify the exact capabilities and limitations of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If it allows arbitrary tool execution, ensure strict input validation, sandboxing, and least-privilege principles are applied. Consider if such a powerful tool is truly necessary for the skill's intended purpose, or if more granular tools could be used. | Static | SKILL.md:70 |