Trust Assessment
connect received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Unpinned Python and Node.js Dependencies" and "Excessively Broad Tool Access Granted to LLM".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessively Broad Tool Access Granted to LLM: The skill is designed to provide the LLM agent with extremely broad access to '1000+ integrations' including email, chat, development tools, databases, and more. The `system_prompt` explicitly states, 'You can take actions in external apps.' While this is the intended functionality of the 'Connect' skill, granting such wide-ranging capabilities to an LLM agent without fine-grained control or robust guardrails represents a significant security risk. An unconstrained or compromised LLM could potentially perform unauthorized actions across numerous critical external services. Implement strict access controls and monitoring for the LLM agent's use of this skill. Consider adding more specific system prompts or agent-side logic to limit the scope of actions the LLM can take based on context or user roles. Ensure all actions are logged and auditable. If possible, explore mechanisms within the Composio platform to define narrower scopes for API keys or OAuth grants. | Static | SKILL.md:10 |
| MEDIUM | Unpinned Python and Node.js Dependencies: The skill's setup instructions recommend installing Python and Node.js packages without specifying version numbers (e.g., `pip install composio`, `npm install @composio/core`). This practice can lead to supply chain risks, as a future malicious or incompatible version of a dependency could be installed, potentially introducing vulnerabilities or breaking functionality. It also makes builds non-deterministic. Pin all dependencies to specific versions (e.g., `pip install composio==1.2.3`, `npm install @composio/core@1.0.0`). Consider using a dependency lock file (e.g., `requirements.txt` with `pip freeze > requirements.txt` or `package-lock.json`). | Static | SKILL.md:39 |