Security Audit
skyfire-automation
Source: github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
skyfire-automation received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. The findings, in severity order, are "Broad tool execution capability via dynamic discovery" (high), "Potentially dangerous 'RUBE_REMOTE_WORKBENCH' primitive" (high), and "Unpinned dependency in manifest" (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description and recommendation | Layer | Location |
|---|---|---|---|---|
| HIGH | Broad tool execution capability via dynamic discovery | The skill instructs the LLM to call `RUBE_MULTI_EXECUTE_TOOL` with tool slugs discovered at runtime (`TOOL_SLUG_FROM_SEARCH`), so the LLM can execute any tool reachable through the Rube MCP and its connected toolkits (such as Skyfire) based on search results. This grants broad, effectively undefined access to external systems and widens the attack surface if a malicious tool is introduced or the LLM is prompted into unintended operations. Recommendation: enforce an explicit allow-list of executable tool slugs, or define a narrower set of permitted operations, instead of executing whatever discovery returns. | LLM | SKILL.md:48 |
| HIGH | Potentially dangerous `RUBE_REMOTE_WORKBENCH` primitive | The skill's quick reference lists `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for "Bulk ops". A "workbench" usually denotes an environment with broad capabilities, possibly arbitrary code execution or access to a wide range of system resources. If `run_composio_tool()` can run arbitrary commands or scripts, this is a command-injection and excessive-permission risk that enables unauthorized operations or data exfiltration. Recommendation: document the exact capabilities and security implications of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`; if arbitrary code execution is possible, remove or restrict it, or guard it with strict input validation and access controls, and give specific examples of permitted operations if it is intended for limited use. | LLM | SKILL.md:76 |
| MEDIUM | Unpinned dependency in manifest | The manifest declares a dependency on `rube` in the `mcp` category with no version constraint, so the skill may silently pick up a new, incompatible, or compromised version of the Rube MCP and behave unexpectedly or insecurely. Recommendation: pin `rube` to a specific version or range (e.g. `"rube": "1.2.3"` or `"rube": "^1.0.0"`) so behaviour stays consistent and the version in use is one that was reviewed. | LLM | Manifest:4 |
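The two recommendations that are concrete enough to implement, an allow-list in front of `RUBE_MULTI_EXECUTE_TOOL` and a version constraint on the `rube` dependency, can both be enforced before a skill runs. The Python below is an added example written for this report; it is not code from SkillShield, Composio, Rube or the skyfire-automation skill. It assumes a manifest shaped as JSON with a top-level `dependencies` object whose categories are either lists of names or name-to-version maps, a batch for `RUBE_MULTI_EXECUTE_TOOL` shaped as a list of dicts with a `tool_slug` key, and placeholder Skyfire slug names; all of those are assumptions, and the sample batch and manifests are constructed.

```python
"""
Added example, not part of the SkillShield report or the skyfire-automation skill.

Two pre-execution checks that map onto the findings above:
  1. gate_tool_calls(): tool slugs returned by discovery (the report's
     `TOOL_SLUG_FROM_SEARCH`) are matched against an explicit allow-list before
     any batch is handed to `RUBE_MULTI_EXECUTE_TOOL`.
  2. unpinned_dependencies(): manifest dependencies are checked for a version
     constraint (the report's `rube` entry under `mcp`).

Assumptions (hypothetical, not taken from the page): the manifest is JSON with a
top-level "dependencies" object whose categories are lists of names or
name->version maps; a RUBE_MULTI_EXECUTE_TOOL batch is a list of dicts with a
"tool_slug" key; the Skyfire slug names below are placeholders.
"""
import json
import re
from dataclasses import dataclass, field

# Hypothetical allow-list: exact slugs, no wildcards, so a search result can
# never widen what the skill is permitted to execute.
ALLOWED_TOOL_SLUGS = frozenset({
    "SKYFIRE_CREATE_PAYMENT_TOKEN",
    "SKYFIRE_GET_BALANCE",
})

# Defense in depth: the primitive the report asks to be clarified before use is
# refused even if someone later adds it to the allow-list by mistake.
BLOCKED_TOOL_SLUGS = frozenset({"RUBE_REMOTE_WORKBENCH"})

# Slug syntax assumed for this example: upper-case letters, digits, underscores.
_SLUG_RE = re.compile(r"^[A-Z0-9_]{3,80}$")


@dataclass
class GateResult:
    approved: list = field(default_factory=list)   # calls safe to forward
    rejected: list = field(default_factory=list)   # (slug, reason) pairs


def gate_tool_calls(calls):
    """Split a batch into calls that may be forwarded and calls that are dropped, with reasons."""
    result = GateResult()
    for call in calls:
        slug = call.get("tool_slug")
        if not isinstance(slug, str) or not _SLUG_RE.match(slug):
            result.rejected.append((repr(slug), "malformed slug"))
        elif slug in BLOCKED_TOOL_SLUGS:
            result.rejected.append((slug, "blocked primitive"))
        elif slug not in ALLOWED_TOOL_SLUGS:
            result.rejected.append((slug, "not on allow-list"))
        else:
            result.approved.append(call)
    return result


# Accepts exact versions and common range operators ("1.2.3", "^1.0.0", "~1.2",
# ">=1.0.0"); anything else ("*", "latest", "", a bare name) counts as unpinned.
_VERSION_SPEC_RE = re.compile(r"^(\^|~|>=?|<=?|==)?\d+(\.\d+){0,2}$")


def unpinned_dependencies(manifest_json):
    """Return (category, name, spec) for every dependency that lacks a version constraint."""
    deps = json.loads(manifest_json).get("dependencies", {})
    findings = []
    for category, entries in deps.items():
        if isinstance(entries, list):            # bare names carry no version at all
            findings.extend((category, name, None) for name in entries)
        elif isinstance(entries, dict):
            for name, spec in entries.items():
                if not (isinstance(spec, str) and _VERSION_SPEC_RE.match(spec.strip())):
                    findings.append((category, name, spec))
    return findings


# Constructed sample inputs (not real skill data).
SAMPLE_BATCH = [
    {"tool_slug": "SKYFIRE_GET_BALANCE", "arguments": {}},
    {"tool_slug": "GITHUB_DELETE_REPOSITORY", "arguments": {"repo": "x/y"}},  # surfaced by search
    {"tool_slug": "RUBE_REMOTE_WORKBENCH", "arguments": {"code": "..."}},
    {"tool_slug": "skyfire_get_balance; rm -rf /", "arguments": {}},
]
UNPINNED_MANIFEST = json.dumps({"name": "skyfire-automation", "dependencies": {"mcp": ["rube"]}})
PINNED_MANIFEST = json.dumps({"name": "skyfire-automation", "dependencies": {"mcp": {"rube": "^1.0.0"}}})

if __name__ == "__main__":
    gate = gate_tool_calls(SAMPLE_BATCH)
    print("forward:", [c["tool_slug"] for c in gate.approved])
    print("drop:   ", gate.rejected)
    print("unpinned:", unpinned_dependencies(UNPINNED_MANIFEST))
    print("pinned ok:", unpinned_dependencies(PINNED_MANIFEST) == [])
```

The allow-list is checked by exact slug rather than by prefix so that a search hit from another toolkit connected to the same Rube MCP cannot slip through on a shared naming convention; the deny-list sits in front of it so the workbench primitive stays blocked regardless of how the allow-list is later edited.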
Full report: https://skillshield.io/report/0335874b6f257de2
Powered by SkillShield