Security Audit
taxjar-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
taxjar-automation received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unpinned Dependency on Rube MCP, Potential Command Injection via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned Dependency on Rube MCP. The skill relies on the Rube MCP server at `https://rube.app/mcp` and the `taxjar` toolkit without specifying a version or content hash. This means the skill will always use the latest version provided by the MCP. If the `rube.app` server or the `taxjar` toolkit served by it is compromised, or if a malicious update is pushed, the skill would automatically incorporate potentially harmful functionality without explicit review. This introduces a significant supply chain risk. Implement version pinning or content hashing for the Rube MCP and its toolkits. For example, specify a minimum version, a specific version, or a content hash for the `rube` dependency and the `taxjar` toolkit to ensure deterministic and secure dependency resolution. | LLM | SKILL.md:30 |
| HIGH | Potential Command Injection via RUBE_REMOTE_WORKBENCH. The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool appears to provide a general-purpose execution environment for Composio tools. Without clear sandboxing or restrictions, `run_composio_tool()` could potentially be used to execute arbitrary code or commands, or to access tools beyond the intended `taxjar` scope, leading to command injection or privilege escalation. The documentation does not specify any limitations on what `run_composio_tool()` can execute or what environment it runs in. This represents a significant risk if a malicious prompt instructs the agent to misuse this powerful tool. Clarify and enforce strict sandboxing and access controls for `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure it can only execute explicitly allowed `taxjar` operations and cannot be used for arbitrary code execution or to access sensitive system resources. Provide detailed documentation on its security boundaries and usage restrictions. | LLM | SKILL.md:90 |
Full report: https://skillshield.io/report/449e039eb9e0b1b4