Security Audit
mapulus-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
mapulus-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned External Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned External Dependency. The skill relies on the 'rube' MCP, as declared in the manifest (`requires: {"mcp": ["rube"]}`). The documentation further specifies fetching it from `https://rube.app/mcp`. There is no version pinning or integrity check specified for this external dependency. This means that if the content served by `rube.app/mcp` changes (e.g., due to a compromise or malicious update), the skill's behavior could be altered without explicit user consent or awareness, introducing a supply chain risk. Remediation: Implement version pinning or integrity checks for external dependencies. If the 'rube' MCP supports versioning, specify a minimum or exact version in the `requires` field of the manifest. Alternatively, provide instructions for users to verify the integrity of the fetched MCP. | LLM | SKILL.md:1 |