Security Audit
zylvie-automation
Source: github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
zylvie-automation received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. They are: Potential Command Injection via RUBE_REMOTE_WORKBENCH (high); Unpinned External Dependency (Rube MCP) (medium); Broad Tool Access and Excessive Permissions (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via RUBE_REMOTE_WORKBENCH.** The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()` for "bulk ops". If `run_composio_tool()` permits arbitrary code execution, or runs commands or scripts that are not validated, this is a command-injection path: a compromised LLM could use it to run unintended or malicious operations inside the Composio ecosystem or on the underlying systems. Recommendation: ensure that `run_composio_tool()` within `RUBE_REMOTE_WORKBENCH` is strictly sandboxed and only permits a predefined, safe set of tools or operations; validate all inputs and restrict dynamic code execution; document the security boundaries of this tool clearly. | Static | SKILL.md:70 |
| MEDIUM | **Unpinned External Dependency (Rube MCP).** The skill relies on the Rube MCP service at `https://rube.app/mcp` with no version pinning or integrity check. Because the service is resolved live, a change on the remote side could introduce vulnerabilities, alter tool behaviour, or produce unexpected outcomes without the skill author's review or control. Recommendation: pin the dependency, or add a mechanism that specifies and verifies the expected version or behaviour of the Rube MCP, for example a versioned API endpoint or hash-based verification where available. | Static | SKILL.md:20 |
| MEDIUM | **Broad Tool Access and Excessive Permissions.** The skill grants the LLM a comprehensive suite of Rube tools (`RUBE_SEARCH_TOOLS`, `RUBE_MANAGE_CONNECTIONS`, `RUBE_MULTI_EXECUTE_TOOL`, `RUBE_REMOTE_WORKBENCH`) that together allow discovery, connection management, and execution of a wide range of Zylvie operations. This breadth is needed for the skill's intended function, but `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` in particular mean that a compromised LLM could perform a wide range of unauthorized or malicious actions in the Zylvie system. Recommendation: apply fine-grained access controls at the Rube MCP level so that only the Zylvie operations or tool functions required by the current context or user permissions are exposed; sandbox the LLM's execution environment; and require human approval or additional verification for any action that needs sensitive permissions. | Static | SKILL.md:65 |
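The three findings share one mitigation shape on the client side: pin what the MCP server advertises, allowlist which tools the skill may call, validate arguments against the pinned schema, and put a human gate in front of the code-execution tool. The block below is an added example written for this page; it is not SkillShield's scanner, nor code from the skill or from Rube. The tool names are the ones listed in the findings, but the `inputSchema` entries in `SAMPLE_MANIFEST` are constructed for the example and are not the real Rube schemas, and `dispatch` is a stand-in for whatever actually executes the call (the audit names `run_composio_tool()`; its real signature is not assumed).

```python
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, field

# Constructed sample manifest shaped like an MCP tools/list result. The tool
# names are the ones named in the audit; the input schemas are assumptions made
# for this example, not the real Rube schemas.
SAMPLE_MANIFEST = [
    {"name": "RUBE_SEARCH_TOOLS", "inputSchema": {"type": "object",
        "required": ["query"], "properties": {"query": {"type": "string"}}}},
    {"name": "RUBE_MANAGE_CONNECTIONS", "inputSchema": {"type": "object",
        "required": ["app"], "properties": {"app": {"type": "string"}}}},
    {"name": "RUBE_MULTI_EXECUTE_TOOL", "inputSchema": {"type": "object",
        "required": ["tools"], "properties": {"tools": {"type": "array"}}}},
    {"name": "RUBE_REMOTE_WORKBENCH", "inputSchema": {"type": "object",
        "required": ["code"], "properties": {"code": {"type": "string"}}}},
]

JSON_TYPES = {"string": str, "integer": int, "boolean": bool,
              "object": dict, "array": list}

def manifest_digest(tools: list[dict]) -> str:
    """SHA-256 of the canonical JSON of the tool list (names and schemas).
    Record it at review time; if the remote server later renames a tool or
    widens a schema, the digest changes and every call is refused."""
    canonical = json.dumps(tools, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def validate_args(schema: dict, args: dict) -> list[str]:
    """Minimal JSON Schema check: required keys present, no extra keys,
    primitive types match. Returns the problems found (empty means OK)."""
    problems = []
    props = schema.get("properties", {})
    for key in schema.get("required", []):
        if key not in args:
            problems.append(f"missing required argument {key!r}")
    for key, value in args.items():
        if key not in props:
            problems.append(f"unexpected argument {key!r}")
            continue
        expected = JSON_TYPES.get(props[key].get("type"))
        if expected is not None and not isinstance(value, expected):
            problems.append(f"argument {key!r} must be {props[key]['type']}")
    return problems

@dataclass
class ToolPolicy:
    allowed: set[str]                                      # tools the skill may call
    needs_approval: set[str] = field(default_factory=set)  # human gate before running
    max_batch: int = 5                                     # fan-out cap for batch calls

@dataclass
class Decision:
    outcome: str  # "allow", "deny" or "needs_approval"
    reason: str

def evaluate(name: str, args: dict, manifest: list[dict], pinned_digest: str,
             policy: ToolPolicy, approved: bool = False) -> Decision:
    """Decide whether one tool call may proceed."""
    # 1. Supply-chain check: refuse everything if the server's tool list drifted.
    if manifest_digest(manifest) != pinned_digest:
        return Decision("deny", "tool manifest does not match pinned digest")
    schema = next((t["inputSchema"] for t in manifest if t["name"] == name), None)
    if schema is None:
        return Decision("deny", f"unknown tool {name!r}")
    # 2. Least privilege: only allowlisted tools with well-formed arguments.
    if name not in policy.allowed:
        return Decision("deny", f"{name} is not in the allowlist")
    problems = validate_args(schema, args)
    if problems:
        return Decision("deny", "; ".join(problems))
    # 3. Batch calls are size-capped and every inner tool inherits the checks,
    #    so RUBE_MULTI_EXECUTE_TOOL cannot smuggle a gated tool past the policy.
    callees = {name}
    if name == "RUBE_MULTI_EXECUTE_TOOL":
        batch = args["tools"]
        if len(batch) > policy.max_batch:
            return Decision("deny", f"batch of {len(batch)} exceeds {policy.max_batch}")
        inner = [t.get("name") for t in batch if isinstance(t, dict)]
        if len(inner) != len(batch) or not set(inner) <= policy.allowed:
            return Decision("deny", "batch contains a tool outside the allowlist")
        callees |= set(inner)
    # 4. Powerful tools (remote code execution) need explicit human approval.
    if callees & policy.needs_approval and not approved:
        return Decision("needs_approval", "call touches an approval-gated tool")
    return Decision("allow", "ok")

def guarded_call(name, args, *, manifest, pinned_digest, policy, dispatch, approved=False):
    """Invoke `dispatch` (a stand-in for the real executor, e.g. run_composio_tool)
    only when the policy allows; otherwise raise so nothing reaches the server."""
    decision = evaluate(name, args, manifest, pinned_digest, policy, approved)
    if decision.outcome != "allow":
        raise PermissionError(f"{decision.outcome}: {decision.reason}")
    return dispatch(name, args)
```

The digest covers names and schemas together, so a server that keeps a tool's name but quietly adds an `env` or `shell` property to its schema also fails the pin; that is the "hash-based verification" the second finding asks for, applied to what an MCP client can actually observe. The batch handling matters for the third finding: without it, `RUBE_MULTI_EXECUTE_TOOL` would be an allowlisted wrapper around an approval-gated tool, and the approval gate would be bypassable by nesting.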
Full report: https://skillshield.io/report/6f051d621eb9bf36