Trust Assessment
Neon Automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Skill exposes database connection URIs containing credentials, Skill allows creation of new API keys, posing high credential harvesting risk, Dependency on external Composio MCP server introduces supply chain risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Skill allows creation of new API keys, posing high credential harvesting risk The `NEON_CREATE_API_KEY_FOR_ORGANIZATION` tool, listed in the Quick Reference, grants the LLM the capability to generate new API keys for the Neon account. This is an extremely powerful permission that violates the principle of least privilege for an automated agent. If an attacker can manipulate the LLM (e.g., via prompt injection), they could instruct it to create a new API key and then exfiltrate it, leading to full compromise of the Neon account. This significantly increases the attack surface for credential harvesting. Re-evaluate if an LLM agent truly requires the ability to create new API keys. If not, remove this tool from the skill definition. If it is absolutely necessary, implement extremely stringent guardrails, human approval workflows, and strict output filtering to prevent the LLM from creating and exposing new keys without explicit, verified user consent. Consider using a more granular API key with limited permissions for the skill itself. | LLM | SKILL.md:120 | |
| HIGH | Skill exposes database connection URIs containing credentials The `NEON_GET_PROJECT_CONNECTION_URI` tool returns a full Postgres connection URI, which includes sensitive credentials (username, password, host, port). While the documentation explicitly warns about treating this URI as a secret, the skill provides a direct mechanism for the LLM to retrieve and potentially expose these credentials if not handled securely by the LLM's execution environment or subsequent tools. This poses a significant data exfiltration and credential harvesting risk. Implement strict output filtering and redaction for this tool's results within the LLM's execution environment. Ensure the LLM is explicitly instructed *never* to display, log, or transmit the full URI without explicit, verified user consent. Consider if the LLM truly needs the *full* URI or if a redacted version or separate components would suffice for its tasks. | LLM | SKILL.md:60 | |
| LOW | Dependency on external Composio MCP server introduces supply chain risk The skill relies on an external Composio MCP server (`https://rube.app/mcp`) for its functionality. While this is a common pattern for Composio skills, it introduces a supply chain risk. Compromise of the `rube.app` server could potentially impact the security and integrity of skills using it, as it acts as a critical external component in the skill's execution chain. Ensure that the `rube.app` MCP server is trusted, well-maintained, and regularly audited by Composio. Users should be aware of the external dependency and its implications for the overall security posture of the skill. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/574c6bf05fd01139)
Powered by SkillShield