Security Audit
simplesat-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
simplesat-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Rube MCP dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned Rube MCP dependency The skill manifest specifies a dependency on the 'rube' MCP without a version constraint. This means the skill will always use the latest version of the Rube MCP, which could introduce breaking changes, unexpected behavior, or security vulnerabilities if the upstream service is compromised or changes its functionality without notice. Relying on unpinned dependencies increases supply chain risk as the skill's behavior is entirely dependent on the current state of an external, unversioned service. If the Rube MCP supports versioning, specify a precise or minimum compatible version in the 'requires' section of the manifest. If versioning is not supported for MCPs, acknowledge the inherent risk and ensure robust monitoring of the 'rube.app' service for any changes or security advisories. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/8a25d9c9fa8e43ef)
Powered by SkillShield