Trust Assessment
connect-apps received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned dependency in plugin installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 16, 2026 (commit ccf6204f). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned dependency in plugin installation The skill instructs users to install the `composio-toolrouter` plugin without specifying a version. This means that any future updates to the plugin, including potentially malicious or vulnerable versions, would be automatically installed, posing a supply chain risk. Without a pinned version, the integrity and security of the installed plugin cannot be guaranteed over time. Pin the dependency to a specific, known-good version (e.g., `/plugin install composio-toolrouter==1.2.3`) to ensure consistent and secure installations. Regularly review and update the pinned version after verifying its security. | Static | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/b246c532e4cfa11d)
Powered by SkillShield