Security Audit
storerocket-automation
github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
storerocket-automation received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include: broad tool execution via RUBE_REMOTE_WORKBENCH; risk of data exfiltration through RUBE_MULTI_EXECUTE_TOOL; and an external dependency on Rube MCP that introduces supply chain risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Broad tool execution via RUBE_REMOTE_WORKBENCH.** The skill exposes `RUBE_REMOTE_WORKBENCH`, which allows 'Bulk ops' using `run_composio_tool()`. This mechanism suggests the ability to execute a wide range of Composio tools within a 'remote workbench' environment. If the underlying Composio tools are not strictly sandboxed, or if the agent can be prompted to execute arbitrary tools or arguments, this could grant excessive permissions, leading to unauthorized actions, data access, or even command injection. The scope of `run_composio_tool()` is not defined, but 'remote workbench' implies a powerful execution context. *Remediation:* implement strict allow-listing and sandboxing for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure that the agent can only execute a predefined set of safe tools with strictly controlled arguments. Provide granular permissions for each Composio tool and enforce them at the MCP level. Avoid allowing arbitrary tool execution or arbitrary arguments. | LLM | SKILL.md:70 |
| MEDIUM | **Risk of data exfiltration through RUBE_MULTI_EXECUTE_TOOL.** The skill guides the agent to use `RUBE_MULTI_EXECUTE_TOOL` to perform 'Storerocket operations'. If any of the available Storerocket tools can access sensitive data, and the agent is prompted to use such a tool to read data and then output it or send it to an unauthorized destination, this could lead to data exfiltration. The 'schema-compliant args' might prevent arbitrary data access via arguments, but not the execution of a legitimate tool for malicious purposes if the agent is compromised. *Remediation:* implement strict data access policies for all Storerocket tools exposed via Rube MCP. Ensure that sensitive data can only be accessed by authorized users/agents and that output is carefully sanitized or restricted. Monitor agent interactions for unusual data access patterns or attempts to output large amounts of data. | LLM | SKILL.md:49 |
| MEDIUM | **External dependency on Rube MCP introduces supply chain risk.** The skill relies entirely on the 'Rube MCP' for its functionality, as declared in the manifest (`"mcp": ["rube"]`) and detailed in the skill documentation (`https://rube.app/mcp`). A compromise of the Rube MCP platform, its infrastructure, or the `rube.app` domain could lead to malicious tool definitions, unauthorized code execution, or data exfiltration affecting this skill and any agent using it. This is an inherent supply chain risk associated with external dependencies. *Remediation:* implement robust vetting processes for all external dependencies such as Rube MCP. Monitor the security posture of `rube.app` and the Rube platform. Consider implementing network egress filtering to restrict where the MCP can connect. Ensure that the MCP itself enforces strong authentication, authorization, and sandboxing for all executed tools. | LLM | SKILL.md:1 |
Full report: https://skillshield.io/report/b24cdb7d4d0a0cf3
Powered by SkillShield