Security Audit
splitwise-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
splitwise-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill exposes general-purpose tool execution via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill exposes general-purpose tool execution via RUBE_REMOTE_WORKBENCH The skill documents the use of `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The `run_composio_tool()` function, as implied by its name and general description, suggests the ability to execute arbitrary Composio tools. If the Composio ecosystem includes tools with broad permissions (e.g., filesystem access, arbitrary network requests, or shell execution), this skill provides a path for an AI agent to access capabilities beyond the stated purpose of 'Splitwise Automation,' leading to excessive permissions and potential command injection. Restrict the scope of `RUBE_REMOTE_WORKBENCH` or `run_composio_tool()` within the skill's instructions to only Splitwise-specific operations. Alternatively, ensure the underlying Rube MCP system strictly sandboxes `run_composio_tool()` to prevent access to sensitive system resources or unrelated toolkits. | LLM | SKILL.md:69 |
Scan History
Embed Code
[](https://skillshield.io/report/e92d5ae6951c9eba)
Powered by SkillShield