Security Audit
pexels-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
pexels-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Unpinned dependency on Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Unpinned dependency on Rube MCP The skill declares a dependency on 'rube' within the 'mcp' ecosystem but does not specify a version. This means the skill will always use the latest version of the Rube MCP tools and services provided by `rube.app/mcp`. While the skill mitigates some risks by recommending `RUBE_SEARCH_TOOLS` for dynamic schema discovery, changes in the Rube MCP's underlying functionality or security posture could impact the skill without explicit version control. If possible, specify a version constraint for the `rube` MCP dependency in the manifest to ensure predictable behavior and reduce exposure to unexpected changes in the upstream service. | LLM | manifest:1 |
Scan History
Embed Code
[](https://skillshield.io/report/92b26e084b4f0cb7)
Powered by SkillShield