Trust Assessment
nasa-automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Unpinned Dependency on External MCP" and "Broad Tool Execution Capability via RUBE_REMOTE_WORKBENCH".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned Dependency on External MCP.** The skill relies on the 'rube' Multi-Capability Provider (MCP) without specifying a version or pinning it to a known good state. The manifest `requires: {"mcp": ["rube"]}` indicates a dependency on an external service (`https://rube.app/mcp`). This unpinned dependency means the skill will always use the latest version of the Rube MCP, which could introduce breaking changes, vulnerabilities, or even malicious updates without explicit review or consent. A compromise of the `rube.app` endpoint could lead to supply chain attacks. **Recommendation:** Pin the Rube MCP dependency to a specific, known-good version. Implement mechanisms to verify the integrity and authenticity of the MCP before use. Consider hosting critical MCPs internally or using trusted, version-controlled registries. | LLM | SKILL.md:1 |
| MEDIUM | **Broad Tool Execution Capability via RUBE_REMOTE_WORKBENCH.** The skill documentation describes the use of `RUBE_REMOTE_WORKBENCH` with `run_composio_tool()`. This tool implies a very broad capability to execute arbitrary Composio tools in a remote environment. While the context is 'Nasa operations', the generic nature of `run_composio_tool()` suggests that the skill, through the Rube MCP, has extensive execution privileges. This makes the skill a high-privilege component, and any vulnerabilities in the underlying Composio tools or the Rube MCP itself could be exploited through this broad execution capability. **Recommendation:** If possible, restrict the `RUBE_REMOTE_WORKBENCH` to a predefined, limited set of Composio tools or specific operations. Implement strict input validation and sanitization for arguments passed to `run_composio_tool()`. Ensure that the remote workbench environment is isolated and has the principle of least privilege applied. | LLM | SKILL.md:70 |