Security Audit
wakatime-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
wakatime-automation received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include broad tool execution via RUBE_REMOTE_WORKBENCH, broad tool execution via RUBE_MULTI_EXECUTE_TOOL, and sensitive connection management via RUBE_MANAGE_CONNECTIONS.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Broad tool execution via RUBE_REMOTE_WORKBENCH | The skill documentation explicitly mentions `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for 'Bulk ops'. This primitive allows the execution of arbitrary Composio tools. If the LLM is compromised, it could be instructed to use this tool to execute any available Composio tool, potentially leading to unauthorized actions, data exfiltration, or command injection if underlying tools have such vulnerabilities. The scope of tools executable via `run_composio_tool()` is not explicitly restricted to Wakatime operations within this documentation. | Restrict `RUBE_REMOTE_WORKBENCH` to a predefined, safe subset of tools, or ensure `run_composio_tool()` is strictly scoped to Wakatime operations and has robust input validation. Provide clear documentation on the security implications and how to mitigate them. | LLM | SKILL.md:70 |
| MEDIUM | Broad tool execution via RUBE_MULTI_EXECUTE_TOOL | The `RUBE_MULTI_EXECUTE_TOOL` primitive allows execution of any tool slug. While the documentation suggests using `RUBE_SEARCH_TOOLS` with a 'Wakatime operations' use case, there's no explicit mechanism to prevent the LLM from being prompted to execute non-Wakatime tools if they are discovered or known. This grants broader execution permissions than strictly necessary for a Wakatime-specific skill, increasing the attack surface if the LLM is compromised. | Implement stricter access controls or validation within the Rube MCP system to ensure that `RUBE_MULTI_EXECUTE_TOOL` can only execute tools explicitly whitelisted for the Wakatime skill, or tools that strictly match the intended `use_case`. | LLM | SKILL.md:55 |
| MEDIUM | Sensitive connection management via RUBE_MANAGE_CONNECTIONS | The skill utilizes `RUBE_MANAGE_CONNECTIONS` to establish and manage Wakatime connections. This tool inherently handles sensitive information such as API keys or authentication tokens. A compromised LLM could potentially be prompted to expose connection details, revoke legitimate connections, or establish connections to unauthorized services, leading to credential harvesting or data exfiltration. | Ensure `RUBE_MANAGE_CONNECTIONS` has granular permissions, allowing only necessary operations (e.g., checking status, initiating auth flow) and preventing the display or modification of sensitive credentials by the LLM. Implement strong logging and alerting for connection management actions. | LLM | SKILL.md:30 |