Trust Assessment
Ramp Automation received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are Unpinned Dependency in Manifest and Broad Access to Sensitive Financial and User Data.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned Dependency in Manifest.** The skill's manifest specifies a dependency on the 'rube' MCP without a version constraint. This 'unpinned' dependency can lead to supply chain vulnerabilities, as future updates to 'rube' (whether intentional or malicious) could introduce breaking changes, security flaws, or backdoors without explicit review. It also makes the build non-deterministic. Pin the 'rube' MCP dependency to a specific, known-good version in the manifest. For example, `"mcp": ["rube@1.2.3"]` or similar versioning scheme supported by the MCP system. | LLM | SKILL.md:4 |
| MEDIUM | **Broad Access to Sensitive Financial and User Data.** The skill provides extensive access to sensitive corporate financial data and user information through tools like `RAMP_GET_ALL_TRANSACTIONS`, `RAMP_LIST_USERS`, `RAMP_LIST_REIMBURSEMENTS`, and `RAMP_GET_CARD`. These tools allow retrieval of all transactions, listing all users with PII (email, employee ID), and accessing detailed reimbursement and card information. While this is the intended functionality, the broad scope of these permissions means that if the LLM or the skill's execution environment is compromised (e.g., via prompt injection), a large volume of sensitive data could be accessed and potentially exfiltrated. Implement strict access controls and authorization policies for the skill's usage. Ensure that the LLM's prompts are carefully engineered to prevent unauthorized data access. Consider implementing fine-grained permissions within the Ramp platform itself, if available, to limit the scope of data accessible by the API key used by the skill. Regularly audit skill usage and data access patterns. | LLM | SKILL.md:30 |