Security Audit
forcemanager-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
forcemanager-automation received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Reliance on external MCP introduces supply chain risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Reliance on external MCP introduces supply chain risk The skill's core functionality is entirely dependent on an external Managed Control Plane (MCP) hosted at `https://rube.app/mcp`. While this is the intended design, any compromise or malicious change to the `rube.app` service could directly impact the security and integrity of operations performed by this skill. This introduces a supply chain risk, as the skill's behavior is not fully contained within the provided package but relies on an external, potentially untrusted, third-party service. Assess the trustworthiness and security posture of `rube.app`. Consider implementing mechanisms to verify the integrity of responses from the MCP or to sandbox its operations. For critical applications, evaluate if a self-hosted or more tightly controlled MCP solution is feasible. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/cde5d188a31d7e4b)
Powered by SkillShield