Security Audit
verifiedemail-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
verifiedemail-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill exposes broad tool execution via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill exposes broad tool execution via RUBE_REMOTE_WORKBENCH The skill documentation mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This suggests a powerful capability that allows for general-purpose execution of Composio tools, potentially enabling an agent to perform a wide range of actions beyond specific, narrowly defined tasks. If not properly constrained, this could lead to an agent executing unintended or malicious operations by leveraging this broad access. Review the necessity of exposing `RUBE_REMOTE_WORKBENCH` to the agent. If broad access is required, ensure robust guardrails, monitoring, and user consent mechanisms are in place for actions performed via this tool. Consider providing more granular tools or restricting the scope of `RUBE_REMOTE_WORKBENCH` if possible to limit potential misuse. | LLM | SKILL.md:71 |
Scan History
Embed Code
[](https://skillshield.io/report/528227f95b0562f6)
Powered by SkillShield