Trust Assessment
vero-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions via RUBE_REMOTE_WORKBENCH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive Permissions via RUBE_REMOTE_WORKBENCH The skill explicitly instructs the use of `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This tool appears to offer a general-purpose execution environment for Composio tools. If `run_composio_tool()` can execute arbitrary code or scripts, or if the Composio tools it can run have broad system access, this represents a significant privilege escalation risk. An attacker could potentially leverage this to execute malicious code or perform unauthorized actions through the underlying Composio platform. Review the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. If they allow arbitrary code execution or broad system access, consider restricting the scope of operations available through this tool or implementing stricter sandboxing. Provide more specific examples or constraints on what `run_composio_tool()` can execute. | Static | SKILL.md:79 |
Scan History
Embed Code
[](https://skillshield.io/report/c664d5e1261a86bb)
Powered by SkillShield