Security Audit
typefully-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
typefully-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unversioned External MCP Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unversioned External MCP Dependency The skill's manifest declares a dependency on the `rube` MCP, and the skill documentation instructs the agent to connect to `https://rube.app/mcp`. There is no version pinning or content hashing for the MCP itself. This means the behavior of the `rube` MCP, and thus the tools it provides, can change dynamically without the skill package being updated or reviewed. A malicious update to the `rube` MCP could introduce vulnerabilities, backdoors, or alter tool behavior, impacting the agent's operations and potentially leading to data compromise or unauthorized actions. Implement version pinning or content hashing for external MCP dependencies. If direct versioning isn't possible, consider using a trusted proxy or a mechanism to validate the MCP's integrity before use. Regularly audit external dependencies. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/b5f02862b6fbe611)
Powered by SkillShield