Security Audit

webvizio-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 99e2a2951545

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

webvizio-automation received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad Tool Execution Capabilities via Rube MCP.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Broad Tool Execution Capabilities via Rube MCP The skill instructs the LLM to use `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`, which provide broad and potentially unconstrained access to Webvizio operations and a powerful execution environment. 1. `RUBE_MULTI_EXECUTE_TOOL`: This tool allows the LLM to execute any Webvizio tool discovered via `RUBE_SEARCH_TOOLS`. This means the LLM can perform any action supported by the Webvizio toolkit, including potentially destructive operations, data modification, or access to sensitive information, based on user prompts. 2. `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`: This is described for 'Bulk ops' and suggests a highly privileged execution environment. If `run_composio_tool()` allows arbitrary code execution or broad system access within the Composio environment, this presents a significant command injection and privilege escalation risk. The combination of dynamic tool discovery and execution, especially with a powerful and potentially unconstrained tool like `RUBE_REMOTE_WORKBENCH`, grants the LLM excessive permissions. This could be exploited by malicious user input to perform unauthorized actions, exfiltrate data, or compromise the connected Webvizio account. 1. Implement Least Privilege: Restrict the LLM's access to only the specific Webvizio tools and operations required for the skill's intended purpose. Avoid granting blanket execution rights. 2. Strict Input Validation: Ensure all arguments passed to `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` are rigorously validated and sanitized to prevent injection attacks. 3. Limit `RUBE_REMOTE_WORKBENCH`: If `run_composio_tool()` allows arbitrary code execution, this tool should be removed from LLM access, or its capabilities severely sandboxed and restricted to a predefined set of safe operations. 4. Human-in-the-Loop: For any sensitive or potentially destructive operations, introduce a human approval step before execution.	LLM	SKILL.md:68

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/43268e225fa00afe.svg)](https://skillshield.io/report/43268e225fa00afe)