Trust Assessment
wati-automation received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Rube MCP dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned Rube MCP dependency The skill declares a dependency on the 'rube' MCP in its manifest but does not specify a version. This lack of version pinning means the skill could be exposed to unexpected changes, breaking updates, or potential compromises in the `rube.app/mcp` endpoint or the Rube MCP itself. If a malicious version of Rube MCP were to be served, it could lead to arbitrary code execution or data exfiltration through the tools it provides. If the ecosystem supports it, specify a precise version for the 'rube' MCP dependency in the manifest. Additionally, consider implementing integrity checks (e.g., checksums) if available, to ensure the loaded MCP has not been tampered with. | Static | SKILL.md |
Scan History
Embed Code
[](https://skillshield.io/report/1e9118bc70747d9f)
Powered by SkillShield