Security Audit
basecamp-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
basecamp-automation received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill exposes powerful user management capabilities.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill exposes powerful user management capabilities The `BASECAMP_PUT_PROJECTS_PEOPLE_USERS` tool, as described in the skill documentation, allows an agent to grant or revoke project access for existing users, and to create entirely new users within Basecamp. Misuse of this tool by a compromised or misconfigured agent could lead to unauthorized access to projects, removal of legitimate users, or the creation of rogue accounts, posing a significant security risk to the Basecamp environment. Implement strict access controls and approval workflows for agent actions involving user management. Ensure the agent's intent is thoroughly verified before executing `BASECAMP_PUT_PROJECTS_PEOPLE_USERS`. Consider limiting the agent's scope to only necessary operations, or requiring human approval for sensitive actions like user creation or access revocation. | Static | SKILL.md:160 |
Scan History
Embed Code
[](https://skillshield.io/report/7a718b9029abc731)
Powered by SkillShield