Security Audit
lodgify-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
lodgify-automation received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is a hardcoded dependency on an external MCP server.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Hardcoded dependency on external MCP server. The skill explicitly depends on the Rube MCP server at `https://rube.app/mcp`. If this external service were to be compromised or serve malicious tool definitions, any skill using it via `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL` could be directed to execute malicious operations. This represents a supply chain risk as the integrity of the skill's operations relies entirely on the security and availability of the `rube.app` domain and its services. There are no explicit mechanisms described within the skill to verify the authenticity or integrity of the tools retrieved from this external source. Implement mechanisms to verify the integrity and authenticity of tool definitions retrieved from external MCP servers (e.g., digital signatures, content hashing). Consider sandboxing the execution environment for tools retrieved from external sources to limit potential impact of compromised tools. | LLM | SKILL.md:13 |