Security Audit

wolfram-alpha-api-automation

github.com/ComposioHQ/awesome-claude-skills

AI SkillCommit 27904475d127

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

wolfram-alpha-api-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad Tool Access via Generic Rube MCP Tools.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Broad Tool Access via Generic Rube MCP Tools The skill is advertised for 'Wolfram Alpha API automation' but instructs the LLM to use generic Composio Rube MCP tools like `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. These tools, by their nature, can execute any tool available through the Composio platform, not just those related to Wolfram Alpha. This grants the LLM broader permissions than necessary for the stated purpose of the skill, potentially allowing access to other connected services or data if the Rube MCP has other toolkits connected. This increases the attack surface if the LLM is compromised or misinterprets a user's request. The skill should ideally use a more narrowly scoped tool or a wrapper that restricts execution to only Wolfram Alpha API tools. If `RUBE_MULTI_EXECUTE_TOOL` is the only way, the skill documentation should explicitly warn about the broad access and advise the LLM to strictly adhere to Wolfram Alpha related tasks. Alternatively, Composio could provide a Wolfram Alpha specific tool that wraps `RUBE_MULTI_EXECUTE_TOOL` with a pre-filter for `tool_slug`.	LLM	SKILL.md:49

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/e26529d17e134b16.svg)](https://skillshield.io/report/e26529d17e134b16)