Security Audit
virustotal-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
virustotal-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is a potential for sensitive data exfiltration via VirusTotal submissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Potential for sensitive data exfiltration via VirusTotal submissions. The skill exposes tools that allow the AI agent to submit files and URLs to VirusTotal for analysis via `RUBE_MULTI_EXECUTE_TOOL`. If the AI agent is compromised (e.g., through prompt injection), it could be coerced into reading sensitive local files or internal URLs and submitting them to VirusTotal. As VirusTotal is a public service, submitted data may become publicly accessible or stored, leading to unintended data exfiltration. Implement strict input validation and sanitization for any data passed to VirusTotal tools. Ensure the LLM's access to local files is minimized. Consider a human-in-the-loop approval process for sensitive VirusTotal submissions. Clearly document for users the privacy implications of submitting data to VirusTotal. | LLM | SKILL.md:49 |