wiz-automation
by ComposioHQwiz-automation helps Claude automate Wiz security workflows through Composio Rube MCP, using live tool discovery, Wiz connection checks, and safer execution patterns.
This skill scores 66/100, so it is acceptable for listing but limited. Directory users get enough information to understand that it enables Wiz automation through Composio's Rube MCP and how an agent should discover tools and verify connections, but they should expect a thin wrapper around external tool schemas rather than a rich, self-contained workflow package.
- Frontmatter clearly declares the `rube` MCP requirement and describes the trigger: automating Wiz tasks through Rube MCP.
- Provides prerequisite and setup steps, including adding `https://rube.app/mcp`, checking `RUBE_SEARCH_TOOLS`, and managing a Wiz connection with `RUBE_MANAGE_CONNECTIONS`.
- Emphasizes dynamic tool discovery before execution, which should reduce schema guesswork for agents using current Composio/Wiz tooling.
- No bundled scripts, references, README, or task-specific resources; the skill is mostly procedural guidance in SKILL.md.
- Concrete Wiz task examples appear limited, and execution depends on live Rube tool discovery rather than documented schemas in the repository.
Overview of wiz-automation skill
What wiz-automation does
wiz-automation is a Claude skill for automating Wiz security operations through Composio’s Rube MCP toolkit. Its core value is not a fixed set of hardcoded Wiz actions; it teaches the agent to discover the current Wiz tool schemas with RUBE_SEARCH_TOOLS, verify the Wiz connection, and then execute the right Rube MCP tools for the requested task.
This matters because Wiz and MCP tool schemas can change. The wiz-automation skill is best for teams that want an agent to help with repeatable cloud security workflows while still checking the live available tools before acting.
Best fit for Workflow Automation
Use wiz-automation for Workflow Automation when your work involves Wiz tasks such as investigating cloud security findings, listing assets, checking issue context, preparing summaries, or coordinating repeatable Wiz operations through an authenticated Composio connection. It is most useful for security, DevOps, platform, and cloud operations users who already rely on Wiz and want Claude to drive tool-based workflows rather than only draft text.
It is not a replacement for Wiz access control, security review, or change approval. Treat it as an automation layer that can call available Rube MCP tools once your Wiz connection is active.
Key adoption requirement
The blocking requirement is MCP setup. Rube MCP must be configured in your client, RUBE_SEARCH_TOOLS must be available, and the Wiz toolkit connection must be active through RUBE_MANAGE_CONNECTIONS. If your environment cannot use MCP tools, the skill can still explain a workflow, but it cannot perform real Wiz automation.
How to Use wiz-automation skill
wiz-automation install and setup
Install the skill from the repository with:
npx skills add ComposioHQ/awesome-claude-skills --skill wiz-automation
Then configure Rube MCP in your client by adding:
https://rube.app/mcp
The upstream skill states that no separate API key is needed for the MCP endpoint, but you still need an active Wiz connection. In Claude or another compatible MCP client, confirm that RUBE_SEARCH_TOOLS is available. Then use RUBE_MANAGE_CONNECTIONS with toolkit wiz; if the status is not ACTIVE, complete the returned authentication flow before asking the agent to run Wiz workflows.
Start with tool discovery
The most important usage rule is: search tools first. Do not ask the agent to guess Wiz tool names or input fields. A strong wiz-automation usage prompt should tell the agent to discover tools for the exact task, check the connection, and only then execute.
Example:
“Use the wiz-automation skill. First call RUBE_SEARCH_TOOLS for the use case ‘find critical Wiz issues affecting internet-exposed cloud resources and summarize owner, severity, and remediation’. Check the wiz connection with RUBE_MANAGE_CONNECTIONS. If active, choose the safest matching tools, show the planned calls before execution, and summarize results with IDs and next actions.”
This is better than “check Wiz issues” because it defines the target objects, filters, output fields, and safety behavior.
Prompt inputs that improve results
Give the agent enough operational context to choose the right Rube tools:
- Goal: investigation, reporting, inventory, triage, or remediation planning.
- Scope: cloud account, project, subscription, environment, business unit, or time window.
- Filters: severity, exposure, vulnerability, control failure, status, owner, or asset type.
- Output format: table, executive summary, ticket-ready notes, CSV-style fields, or action plan.
- Guardrails: read-only first, ask before bulk changes, avoid destructive actions, preserve IDs.
For example, instead of “make a Wiz report,” write: “Create a read-only report of open high and critical Wiz issues for production AWS accounts from the last 30 days. Include issue ID, affected resource, severity, cloud account, exposure reason, remediation guidance, and owner if available. Do not modify anything.”
Files to read before relying on it
The repository path is composio-skills/wiz-automation, and the useful source file is SKILL.md. There are no extra scripts/, references/, rules/, or README.md files in the preview, so review SKILL.md closely before installation. Pay special attention to the prerequisites, setup, tool discovery pattern, and core workflow pattern because they define how the agent should call Rube MCP instead of improvising.
wiz-automation skill FAQ
Is wiz-automation only for Composio users?
It is for users who can access Rube MCP and connect the Wiz toolkit through Composio. The skill depends on MCP tools such as RUBE_SEARCH_TOOLS and RUBE_MANAGE_CONNECTIONS. Without those, it becomes guidance rather than executable automation.
How is this better than an ordinary Wiz prompt?
A normal prompt may ask the model to reason about Wiz from memory. The wiz-automation skill pushes the agent toward live tool discovery, current schemas, connection checks, and structured execution. That reduces failures caused by stale tool names, missing parameters, or assuming a Wiz API shape that is not currently exposed through Rube.
Can beginners use the wiz-automation skill?
Yes, if someone else has already configured MCP and the Wiz connection. Beginners should start with read-only tasks: listing issues, summarizing findings, or building triage reports. Avoid asking for remediation or bulk actions until you understand which tools are available and what permissions the Wiz connection has.
When should I not use wiz-automation?
Do not use it when you need offline documentation only, when MCP tools are unavailable, or when your organization requires manual approval before any security-platform action. Also avoid vague broad tasks such as “fix all Wiz problems.” Break them into discovery, review, and approved execution steps.
How to Improve wiz-automation skill
Improve wiz-automation prompts with scope
Most poor results come from underspecified scope. Add environment, cloud provider, account, severity, status, time range, and desired output. A scoped prompt helps RUBE_SEARCH_TOOLS return better candidate tools and helps the agent avoid overbroad Wiz queries.
Weak: “Find risky assets.”
Stronger: “Use wiz-automation to find internet-exposed production assets with critical Wiz issues in AWS accounts tagged env=prod. Start read-only, return resource ID, issue ID, severity, exposure path, owner, and recommended remediation.”
Add review gates for safer automation
For security operations, ask the agent to separate planning from execution. A good pattern is: discover tools, check connection, propose tool calls, wait for approval, execute, then summarize. This is especially important if the available Wiz tools include update, ticketing, or remediation-related actions.
Useful instruction: “Before any non-read-only action, show the selected tool slug, required inputs, expected effect, and rollback or verification step.”
Iterate from first output
After the first result, refine based on what the tools actually return. If important fields are missing, ask the agent to run another discovery query with known_fields or a more precise use case. If the output is too broad, tighten filters by severity, account, project, asset type, or issue status.
Good follow-up: “Narrow this to open critical issues on externally reachable compute resources only, group by owning team, and include the exact Wiz IDs needed for ticket creation.”
Watch common failure modes
The main failure modes are skipping RUBE_SEARCH_TOOLS, assuming schemas, running before the Wiz connection is active, and asking for actions beyond the connected account’s permissions. The best way to improve wiz-automation is to make tool discovery mandatory, keep the first pass read-only, and require the agent to expose assumptions before execution.
