Security Audit
bigml-automation
Source: github.com/ComposioHQ/awesome-claude-skills

Trust Assessment
bigml-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is an unpinned external dependency for tool definitions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned external dependency for tool definitions | LLM | SKILL.md:20 |

Description: The skill instructs the agent to integrate with an external MCP server at `https://rube.app/mcp` to discover and execute Bigml tools. The skill does not specify any versioning, integrity checks (e.g., checksums, cryptographic signatures), or trusted registry mechanisms for the tools provided by this external endpoint. A compromise of the `rube.app` domain or the MCP server could lead to the agent fetching and executing malicious or unintended tool definitions, posing a significant supply chain risk.

Recommendation: Implement robust supply chain security measures. This includes, but is not limited to, pinning the version of the MCP server or tool definitions, using cryptographic signatures to verify the integrity and authenticity of fetched tools, or relying on a trusted, curated registry for tool definitions. Avoid blindly trusting external endpoints for executable code or tool schemas without verification.
Full report: https://skillshield.io/report/5987e8fd83c011dd
Powered by SkillShield