Trust Assessment
veo-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are arbitrary code execution and excessive permissions via `RUBE_REMOTE_WORKBENCH`, and dynamic tool execution and excessive permissions via `RUBE_MULTI_EXECUTE_TOOL`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary code execution and excessive permissions via `RUBE_REMOTE_WORKBENCH`. The skill documentation explicitly mentions using `RUBE_REMOTE_WORKBENCH` for "Bulk ops" with `run_composio_tool()`. This strongly implies the ability to execute arbitrary code or functions within the Rube MCP environment. If `run_composio_tool()` allows untrusted input to dictate the code executed, it represents a severe command injection vulnerability. This capability grants excessive permissions, allowing the skill to perform any operation available through `run_composio_tool()`, potentially leading to data exfiltration, system compromise, or unauthorized actions. Recommendation: clarify the exact capabilities and security model of `run_composio_tool()`. If it allows arbitrary code execution, implement strict input validation, sandboxing, and whitelisting for any code executed via this mechanism. Ensure that the Rube MCP itself has robust security controls to prevent malicious use of `run_composio_tool()` and that the skill's access to this function is strictly limited to predefined, safe operations. | LLM | SKILL.md:78 |
| HIGH | Dynamic tool execution and excessive permissions via `RUBE_MULTI_EXECUTE_TOOL`. The skill uses `RUBE_SEARCH_TOOLS` to discover tool slugs and then `RUBE_MULTI_EXECUTE_TOOL` to execute them. This pattern allows the skill to dynamically execute any tool exposed by the Rube MCP for Veo operations. The skill's effective permissions are not static but depend on the evolving set of tools available through Rube. This grants excessive permissions by delegation, as a malicious Rube MCP or a compromised tool within Rube could expose and enable the execution of highly privileged or unintended operations without explicit declaration in the skill's manifest. This increases the attack surface and makes it harder to reason about the skill's true capabilities. Recommendation: implement a strict whitelist or explicit approval mechanism for tools that can be executed via `RUBE_MULTI_EXECUTE_TOOL`. The skill should only be able to execute a predefined set of tools essential for its stated purpose. Ensure that the Rube MCP provides granular permission controls for individual tools and that the skill's access is limited to the minimum necessary. Regularly audit the tools exposed by the Rube MCP and the skill's usage patterns. | LLM | SKILL.md:49 |
Full report: https://skillshield.io/report/5788fa64df6da9fe (powered by SkillShield)