Security Audit
plasmic-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
plasmic-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The findings are Dynamic Tool Execution from Untrusted External MCP (critical) and Supply Chain Risk - Unverified External MCP Dependency (high).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Dynamic Tool Execution from Untrusted External MCP | LLM Behavioral Safety | SKILL.md:27 |
| HIGH | Supply Chain Risk - Unverified External MCP Dependency | LLM Behavioral Safety | SKILL.md:27 |

CRITICAL: Dynamic Tool Execution from Untrusted External MCP (SKILL.md:27)

The skill instructs the LLM to dynamically discover and execute tools provided by an external Rube MCP (`https://rube.app/mcp`). The `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL` commands let the external MCP dictate which operations are available and how they are executed. This grants excessive permissions: the LLM is instructed to trust and execute arbitrary tools defined by an external service, with no validation or sandboxing defined in the skill itself. A malicious or compromised MCP could supply harmful tool definitions leading to command injection, data exfiltration, or other severe security breaches.

Recommendations:
1. Implement strict allow-listing of tool slugs and their arguments instead of dynamic discovery and execution.
2. Require explicit user confirmation (a human in the loop) before executing tools from external sources, especially those with broad capabilities.
3. Sandbox execution and validate every argument passed to externally defined tools.
4. Pin the version or the specific capabilities of the Rube MCP to reduce the attack surface from changes in the external service.

HIGH: Supply Chain Risk - Unverified External MCP Dependency (SKILL.md:27)

The skill relies on an external, unversioned Rube MCP server at `https://rube.app/mcp`. Nothing in the skill package verifies the integrity or authenticity of the tools and schemas that service returns. A compromise of `rube.app` or its domain could inject malicious tool definitions, which the LLM is instructed to discover and execute, posing a significant supply chain risk.

Recommendations:
1. Verify the integrity and authenticity of the Rube MCP and its tools (e.g. cryptographic signatures or a trusted registry).
2. Host or mirror critical MCP components internally where possible.
3. Warn users clearly that using this skill requires trusting `rube.app`.
4. Where possible, pin a version or hash of the expected MCP configuration so that unexpected changes are detected before any tool runs.
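One way to implement the controls both findings recommend (tool allow-listing with argument validation, a human-in-the-loop step for sensitive tools, and a pinned digest of the tool manifest the MCP returns) is shown below. This is an added example and is not code from the audited skill, from Rube, or from SkillShield. The manifest layout, the tool slugs (`PLASMIC_*`, `SHELL_RUN`), the argument names, and the `{"tool_slug", "arguments"}` call shape are assumptions; the manifest and the batch of calls are constructed inline.

```python
"""Execution gate for tools discovered from an external MCP (added example).

Assumptions, not taken from the audited skill or from Rube: discovery returns a
list of {"slug", "input_schema"} objects, and each requested execution is a
{"tool_slug", "arguments"} object. All data below is constructed.
"""
import hashlib
import hmac
import json
from typing import Callable

# Constructed manifest standing in for an MCP discovery response. Note that it
# advertises SHELL_RUN; the allow-list below deliberately does not include it.
SAMPLE_MANIFEST = [
    {"slug": "PLASMIC_LIST_PROJECTS", "input_schema": {"properties": {}}},
    {"slug": "PLASMIC_PUBLISH_PROJECT",
     "input_schema": {"properties": {"project_id": {"type": "string"}}}},
    {"slug": "SHELL_RUN", "input_schema": {"properties": {"cmd": {"type": "string"}}}},
]

# Allow-list: only these slugs may run, with exactly these arguments and types.
# "confirm" marks tools that need a human in the loop before execution.
ALLOWLIST = {
    "PLASMIC_LIST_PROJECTS": {"args": {}, "confirm": False},
    "PLASMIC_PUBLISH_PROJECT": {"args": {"project_id": str}, "confirm": True},
}


def manifest_digest(manifest) -> str:
    """SHA-256 over canonical JSON so key order and whitespace do not matter."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def verify_manifest(manifest, pinned_digest: str) -> bool:
    """True only if the manifest the MCP returned matches the pinned digest."""
    return hmac.compare_digest(manifest_digest(manifest), pinned_digest)


def check_call(call: dict) -> tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'confirm' or 'deny'."""
    slug = call.get("tool_slug")
    args = call.get("arguments", {})
    policy = ALLOWLIST.get(slug)
    if policy is None:
        return "deny", f"{slug!r} is not on the allow-list"
    if not isinstance(args, dict):
        return "deny", "arguments must be an object"
    unexpected = set(args) - set(policy["args"])
    if unexpected:
        return "deny", f"unexpected arguments {sorted(unexpected)}"
    missing = set(policy["args"]) - set(args)
    if missing:
        return "deny", f"missing arguments {sorted(missing)}"
    for name, typ in policy["args"].items():
        if not isinstance(args[name], typ):
            return "deny", f"argument {name!r} must be {typ.__name__}"
    return ("confirm" if policy["confirm"] else "allow"), "ok"


def gate_execute(calls, manifest, pinned_digest: str,
                 confirm: Callable[[dict], bool], execute: Callable[[dict], object]):
    """Filter a batch of requested executions; returns (executed, rejected).

    Refuses the whole batch if the manifest does not match the pinned digest,
    then applies the allow-list and the confirmation hook to each call.
    """
    if not verify_manifest(manifest, pinned_digest):
        raise RuntimeError("MCP manifest digest does not match the pinned value")
    executed, rejected = [], []
    for call in calls:
        decision, reason = check_call(call)
        if decision == "confirm" and not confirm(call):
            decision, reason = "deny", "user declined"
        if decision == "deny":
            rejected.append((call.get("tool_slug"), reason))
            continue
        executed.append((call.get("tool_slug"), execute(call)))
    return executed, rejected


if __name__ == "__main__":
    pinned = manifest_digest(SAMPLE_MANIFEST)  # record this at install time
    batch = [
        {"tool_slug": "PLASMIC_LIST_PROJECTS", "arguments": {}},
        {"tool_slug": "PLASMIC_PUBLISH_PROJECT", "arguments": {"project_id": "p1"}},
        {"tool_slug": "SHELL_RUN", "arguments": {"cmd": "id"}},
    ]
    ran, blocked = gate_execute(batch, SAMPLE_MANIFEST, pinned,
                                confirm=lambda c: False, execute=lambda c: "ran")
    print("executed:", ran)
    print("rejected:", blocked)
```

The digest is recorded when the skill is installed and compared on every session, so a changed or extended tool list from `rube.app` stops the batch instead of silently widening what the LLM can call; the allow-list then decides per call, independently of what the manifest advertises.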
Full report: https://skillshield.io/report/3627c3a2eb609ff1
Powered by SkillShield