Security Audit
tavily-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
tavily-automation received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Excessive Permissions via Generic Execution Tools, Potential Command Injection and Data Exfiltration via Generic Execution, Supply Chain Risk from External MCP Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Permissions via Generic Execution Tools. The skill instructs the LLM to use `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. While the stated purpose is 'Tavily operations', these tools are generic execution mechanisms. If Rube MCP exposes tools beyond just Tavily (e.g., filesystem access, network requests to internal services, or other sensitive APIs), then this skill implicitly grants the LLM access to those broader capabilities. This creates a potential for privilege escalation if the LLM is prompted to execute unintended actions. Implement strict access control within Rube MCP to ensure that skills are only granted permissions to the specific tools and operations they are designed for. For `RUBE_MULTI_EXECUTE_TOOL`, consider restricting the allowed `tool_slug` values to a predefined whitelist relevant to Tavily. For `RUBE_REMOTE_WORKBENCH`, clarify its capabilities and restrict it if it allows arbitrary code execution beyond the skill's scope. | Static | SKILL.md:55 |
| HIGH | Potential Command Injection and Data Exfiltration via Generic Execution. The skill utilizes `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` (which mentions `run_composio_tool()`). These generic execution tools present a significant risk for command injection and data exfiltration. If a malicious prompt can manipulate the `arguments` for `RUBE_MULTI_EXECUTE_TOOL` or inject code into `RUBE_REMOTE_WORKBENCH`'s operations, and if the underlying tools exposed by Rube MCP are vulnerable or allow arbitrary system commands, file access, or network requests, an attacker could execute arbitrary code or exfiltrate sensitive data. Implement robust input validation and sanitization for all arguments passed to `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. Ensure that `run_composio_tool()` does not allow arbitrary code execution or access to sensitive system resources. All tools exposed via Rube MCP should follow the principle of least privilege and be thoroughly audited for potential command injection or data exfiltration vulnerabilities. | Static | SKILL.md:79 |
| MEDIUM | Supply Chain Risk from External MCP Dependency. The skill explicitly depends on the 'rube' MCP, hosted at `https://rube.app/mcp`, and is powered by Composio (`https://composio.dev`). The security and integrity of this skill are directly tied to the trustworthiness and security posture of the Rube MCP and the Composio platform. A compromise of these external services could directly impact the security of this skill and any systems interacting with it. Conduct a thorough security audit and due diligence on the Rube MCP and Composio platform. Implement mechanisms to verify the integrity and authenticity of the MCP server and its provided tools. Regularly monitor for security advisories related to these dependencies. | Static | SKILL.md:30 |
Full report: https://skillshield.io/report/42b32c385a76bba0 (powered by SkillShield)