Security Audit
triggercmd-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
triggercmd-automation received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are "Broad Tool Execution Capabilities via Rube MCP" and "Unpinned Dependency on External Rube MCP Service".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Broad Tool Execution Capabilities via Rube MCP | The skill description encourages the use of generic execution tools like `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` to interact with the `triggercmd` toolkit. `RUBE_MULTI_EXECUTE_TOOL` allows executing any discovered tool slug, and `RUBE_REMOTE_WORKBENCH` is described for 'Bulk ops' using `run_composio_tool()`. This implies that the agent, once connected, can perform a wide range of actions within the Triggercmd service without granular permission checks defined within the skill itself. The skill relies entirely on the permissions granted to the `triggercmd` toolkit via Rube MCP, which could be overly broad, potentially leading to unauthorized or unintended operations. | Implement more granular permission scopes for the `triggercmd` toolkit within Rube MCP. If possible, restrict the `tool_slug` to a predefined allowlist of safe operations, or require explicit user confirmation for sensitive actions. Provide clear documentation on the exact permissions required by the `triggercmd` toolkit and ensure the agent only requests the minimum necessary permissions. | LLM | SKILL.md:65 |
| HIGH | Unpinned Dependency on External Rube MCP Service | The skill relies on the Rube MCP service hosted at `https://rube.app/mcp`. The manifest declares a dependency on `rube` MCP, but there is no version pinning or integrity check for the Rube MCP endpoint specified in the skill's setup instructions. This means the skill will always fetch the latest version of the Rube MCP from `rube.app/mcp`. A compromise of the `rube.app` domain or the Rube MCP service could lead to the injection of malicious code or tools into the agent's environment, affecting all skills that depend on it without detection. | Implement version pinning for the Rube MCP dependency. If direct version pinning is not possible for an MCP endpoint, consider using a trusted proxy or a mechanism to verify the integrity of the MCP content (e.g., cryptographic hash or signature) before use. Document the expected hash or signature of the Rube MCP to detect tampering. | LLM | SKILL.md:22 |