Security Audit
plisio-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
plisio-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Skill grants broad access via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Skill grants broad access via Rube MCP The skill's manifest declares a dependency on `rube` (a Meta-Capability Provider). While the skill's stated purpose is 'Plisio Automation', the `rube` MCP allows the agent to discover and execute *any* Composio tool available through Rube, not just those related to Plisio. This grants the agent a significantly broader set of permissions than what might be strictly necessary for Plisio tasks, potentially leading to unintended actions if the agent misinterprets its scope or is prompted maliciously. Consider if the `rube` dependency can be scoped more narrowly to only Plisio-related tools if the MCP supports such granular permissions, or clearly document the full scope of capabilities granted by `rube` to the user. If `rube` cannot be scoped, acknowledge that using this skill grants access to the full range of tools available via Rube MCP. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/7de6096078471ae5)
Powered by SkillShield