Security Audit
benzinga-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
benzinga-automation received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned external MCP server dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned external MCP server dependency The skill explicitly instructs the agent to configure `https://rube.app/mcp` as an MCP server. This external endpoint is not version-pinned or integrity-checked within the skill's definition. A compromise of `rube.app` could lead to the agent receiving and executing malicious tool definitions or instructions, posing a supply chain risk. The skill's functionality is entirely dependent on the integrity of this external service. Recommend specifying a version or hash for the MCP server endpoint, or using a trusted, internal, and version-controlled MCP server. Implement integrity checks for tool definitions retrieved from external MCPs to mitigate risks from a compromised external service. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/1de027db4905a3b0)
Powered by SkillShield