Security Audit
slackbot-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
slackbot-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Undefined Slackbot Connection Scopes.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Undefined Slackbot Connection Scopes: The skill instructs the user to establish a connection to the `slackbot` toolkit via `RUBE_MANAGE_CONNECTIONS`. However, the skill does not specify the required or default OAuth scopes for this connection. If the `slackbot` toolkit requests broad permissions (e.g., administrative access, ability to read/write all messages, manage channels, etc.) by default, this could grant excessive privileges to the underlying Composio integration, leading to potential data exposure or unauthorized actions if compromised. Remediation: Specify the minimum necessary OAuth scopes required for the `slackbot` toolkit connection. Instruct users to review and approve only these specific scopes during the connection setup. If the toolkit's default scopes are broad, provide guidance on how to restrict them if possible, or clearly state the implications of granting broad access. | LLM | SKILL.md:21 |