Security Audit
bannerbear-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
bannerbear-automation received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is that the dependency on an external MCP introduces supply chain risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Dependency on external MCP introduces supply chain risk. The skill explicitly instructs the LLM to connect to an external Managed Control Plane (MCP) at `https://rube.app/mcp`. While `rube.app` is associated with Composio, any external dependency introduces a supply chain risk. If the `rube.app` domain or the MCP server itself were compromised, it could lead to the execution of malicious instructions or data exfiltration through the Rube MCP interface. The skill relies entirely on the integrity and security of this external service. While direct control over the external MCP is not possible, users should be aware of the inherent trust placed in `rube.app`. For critical applications, consider self-hosting or thoroughly vetting external services. Implement robust monitoring for unusual activity originating from tools connected via the MCP. | LLM | SKILL.md:16 |