Security Audit
remove-bg-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
remove-bg-automation received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Reliance on External Managed Control Plane (MCP).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Reliance on External Managed Control Plane (MCP) The skill's core functionality is entirely dependent on an external Managed Control Plane (MCP) hosted at `https://rube.app/mcp`. This introduces a supply chain risk where the availability, integrity, and security of the skill are tied to a third-party service. A compromise or malicious change in the Rube MCP or the 'remove_bg' toolkit it provides could directly impact the skill's operations and potentially lead to data manipulation or unauthorized actions. While this is a common pattern for skills integrating with external services, it's a significant dependency to acknowledge. Acknowledge and monitor the security posture of the external MCP provider. Implement robust input validation and output sanitization for all interactions with the MCP. Consider alternative implementations or local hosting options if the risk profile of the external dependency is deemed too high. Ensure that the LLM is configured with appropriate guardrails to prevent unintended interactions with the external service. | Static | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/34dea8eb1bac24bd)
Powered by SkillShield