Security Audit
browserbase-tool-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
browserbase-tool-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Rube MCP dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned Rube MCP dependency The skill's manifest declares a dependency on the 'rube' MCP, and the skill description refers to `https://rube.app/mcp`. However, no specific version or hash is pinned for this external service. This means the skill's behavior is dependent on the current state and implementation of the Rube MCP service, which could change without explicit updates to the skill, potentially introducing vulnerabilities, breaking changes, or unexpected behavior if the service is compromised or altered. If the platform supports it, specify a version, hash, or a more specific endpoint for the Rube MCP service. Alternatively, implement robust validation of all tool schemas and outputs received from the Rube MCP to mitigate risks from upstream changes. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/a45e2792adc4d99a)
Powered by SkillShield