Security Audit
yandex-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
yandex-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Broad Yandex API access via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Broad Yandex API access via Rube MCP The skill instructs the LLM to use `RUBE_MULTI_EXECUTE_TOOL` with dynamically discovered tool slugs and references `RUBE_REMOTE_WORKBENCH` for 'Bulk ops'. This design grants the LLM broad access to potentially all Yandex operations exposed by the Rube MCP, allowing it to perform a wide range of actions on Yandex resources without explicit internal constraints within the skill definition. An LLM, if compromised or misaligned, could leverage this broad access to perform unauthorized or destructive actions. Implement fine-grained access control within the Rube MCP or Yandex toolkit to limit the scope of operations available to the LLM. Alternatively, add explicit constraints within the skill's prompt or the LLM's system instructions to guide it on permissible actions and enforce the principle of least privilege. | LLM | SKILL.md:46 |
Scan History
Embed Code
[](https://skillshield.io/report/92de14fc790c48b8)
Powered by SkillShield