Trust Assessment
wati-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include RUBE_REMOTE_WORKBENCH tool grants broad execution capabilities.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | RUBE_REMOTE_WORKBENCH tool grants broad execution capabilities The skill exposes the `RUBE_REMOTE_WORKBENCH` tool for 'Bulk ops' which explicitly mentions using `run_composio_tool()`. This suggests a powerful and potentially unconstrained execution environment. If `run_composio_tool()` is not strictly sandboxed or if its capabilities are too broad, it could allow the LLM to execute arbitrary code or commands beyond the intended scope of Wati operations, leading to excessive permissions, command injection, or data exfiltration. The documentation does not specify the exact scope or sandboxing of `run_composio_tool()`. Clarify and restrict the capabilities of `RUBE_REMOTE_WORKBENCH` and `run_composio_tool()`. Ensure `run_composio_tool()` is strictly sandboxed and only allows execution of explicitly whitelisted and safe Wati operations. Provide detailed documentation on the security implications and limitations of `RUBE_REMOTE_WORKBENCH`. Consider if such a broad tool is necessary for the skill, or if more granular tools can achieve the same functionality with less risk. | LLM | SKILL.md:69 |
Scan History
Embed Code
[](https://skillshield.io/report/391d547ede6a5c9c)
Powered by SkillShield