Security Audit
streamtime-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
streamtime-automation received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via RUBE_REMOTE_WORKBENCH, Excessive Permissions - Broad Tool Access, Supply Chain Risk - External MCP Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via RUBE_REMOTE_WORKBENCH.** The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. The term 'workbench' often implies a flexible execution environment that could allow arbitrary code or command execution. If `run_composio_tool()` is not properly sandboxed or allows user-controlled input to be executed as commands, a malicious user could instruct the LLM to perform command injection, leading to arbitrary code execution within the Rube MCP environment or connected systems. Clarify the exact capabilities and input sanitization of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure that `run_composio_tool()` is properly sandboxed and does not allow arbitrary code or command execution from user-controlled input. If it does, explicitly warn users about the risks and provide strict guidelines for its safe use. | LLM | SKILL.md:68 |
| HIGH | **Supply Chain Risk - External MCP Dependency.** The skill has a hardcoded dependency on an external Rube MCP server located at `https://rube.app/mcp`. This introduces a supply chain risk. If the `rube.app` domain or its MCP service were to be compromised or become malicious, the integrity and security of the skill's operations could be jeopardized, potentially leading to data exfiltration, unauthorized access, or other security incidents. Recommend that users verify the trustworthiness of `rube.app` and its MCP service. For skill developers, consider providing options for self-hosting or using trusted, verified MCP instances, or at least clearly documenting the risks associated with relying on third-party services for core functionality. | LLM | SKILL.md:19 |
| MEDIUM | **Excessive Permissions - Broad Tool Access.** The skill facilitates broad access to Streamtime operations through `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. While the skill itself does not define permissions, it enables the LLM to perform a wide range of actions ('Streamtime operations', 'Bulk ops'). If the underlying Rube MCP connection to Streamtime is configured with overly broad permissions (e.g., administrative access), a malicious user could instruct the LLM to perform highly privileged or destructive operations on Streamtime. Advise users to configure the Rube MCP connection to Streamtime with the principle of least privilege, granting only the necessary permissions for the intended tasks. The skill documentation should explicitly warn about the implications of broad permissions and encourage users to review the scope of access granted to the Rube connection. | LLM | SKILL.md:66 |