Security Audit
thanks-io-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
thanks-io-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Encourages broad tool execution via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Encourages broad tool execution via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH The skill guides the LLM to use `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. These tools allow for dynamic discovery and execution of various `thanks_io` operations and potentially any Composio tool. This pattern grants broad capabilities to the LLM, increasing the risk of unintended actions or excessive permissions if the underlying tools have sensitive operations and the LLM's usage is not sufficiently constrained. Specifically, `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` suggests a very generic execution capability that could extend beyond the immediate scope of 'thanks-io-automation'. Consider implementing stricter access controls or fine-grained permissions for the LLM's interaction with `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. If possible, restrict the LLM to a predefined set of `thanks_io` tool slugs or specific operations rather than allowing dynamic discovery and execution of all available tools. Ensure the `thanks_io` toolkit itself follows the principle of least privilege and that the LLM's execution environment enforces appropriate guardrails. | LLM | SKILL.md:49 | |
| MEDIUM | Encourages broad tool execution via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH The skill guides the LLM to use `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. These tools allow for dynamic discovery and execution of various `thanks_io` operations and potentially any Composio tool. This pattern grants broad capabilities to the LLM, increasing the risk of unintended actions or excessive permissions if the underlying tools have sensitive operations and the LLM's usage is not sufficiently constrained. Specifically, `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` suggests a very generic execution capability that could extend beyond the immediate scope of 'thanks-io-automation'. Consider implementing stricter access controls or fine-grained permissions for the LLM's interaction with `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. If possible, restrict the LLM to a predefined set of `thanks_io` tool slugs or specific operations rather than allowing dynamic discovery and execution of all available tools. Ensure the `thanks_io` toolkit itself follows the principle of least privilege and that the LLM's execution environment enforces appropriate guardrails. | LLM | SKILL.md:75 |
Scan History
Embed Code
[](https://skillshield.io/report/33e0463a608e2e05)
Powered by SkillShield