Trust Assessment
zoho-automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Unverified external MCP dependency" and "Broad tool execution capabilities via Rube MCP".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unverified external MCP dependency.** The skill explicitly relies on an external Managed Control Plane (MCP) hosted at `https://rube.app/mcp`. There is no mechanism described within the skill to verify the integrity, authenticity, or version of this external service. This introduces a significant supply chain risk, as a compromise or malicious change to `rube.app` could directly impact the security and functionality of the skill, potentially leading to arbitrary code execution, data exfiltration, or other attacks through the tools provided by the MCP. Implement robust mechanisms to verify the integrity and authenticity of the Rube MCP, such as cryptographic signatures, checksums, or strict version pinning. Consider hosting a trusted, isolated instance of the MCP if possible to mitigate reliance on external services. Regularly audit the external service for security vulnerabilities. | LLM | SKILL.md:20 |
| MEDIUM | **Broad tool execution capabilities via Rube MCP.** The skill design allows for dynamic discovery and execution of a wide range of 'Zoho operations' through `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL`. Furthermore, `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` is mentioned for 'Bulk ops', suggesting powerful, potentially unconstrained execution capabilities. If the agent using this skill is compromised (e.g., via prompt injection), it could be instructed to discover and execute unauthorized or malicious actions within Zoho, leveraging these broad permissions. The dynamic nature of tool discovery means the agent's effective permissions are not statically defined, increasing the attack surface. Implement strict access controls and adhere to the principle of least privilege for the agent. Define a narrow, explicit scope of allowed Zoho operations for the agent. Monitor and audit all agent actions, especially those involving `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH`. Consider sandboxing the agent's execution environment and implementing human-in-the-loop approvals for sensitive operations. | LLM | SKILL.md:50 |