Security Audit
superchat-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
superchat-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is "Dynamic tool execution allows broad access".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Dynamic tool execution allows broad access.** The skill's core workflow involves dynamically discovering tools via `RUBE_SEARCH_TOOLS` and then executing them using `RUBE_MULTI_EXECUTE_TOOL` or `RUBE_REMOTE_WORKBENCH`. While the `RUBE_SEARCH_TOOLS` call includes a `use_case` parameter (e.g., "Superchat operations") to guide discovery, there is no explicit mechanism described within the skill to restrict the execution of tools solely to the intended domain (Superchat). If the Rube MCP provides tools with broad system access (e.g., filesystem, network, other services) or if the `RUBE_SEARCH_TOOLS` response can be manipulated (e.g., via prompt injection into the `use_case` or a compromised Rube MCP), the `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` could be used to execute arbitrary tools, leading to excessive permissions. The `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` is particularly concerning as it implies a general-purpose tool execution environment. Implement explicit whitelisting or strict validation of `tool_slug` values before execution, ensuring only Superchat-related tools are allowed. If `RUBE_REMOTE_WORKBENCH` offers general execution, ensure its scope is strictly limited or that it's only used for pre-approved, sandboxed operations. The skill should clearly define and enforce the boundaries of what tools it is allowed to execute. | LLM | SKILL.md:46 |