Trust Assessment
wiz-automation received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unversioned External Service Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unversioned External Service Dependency The skill depends on the 'rube' MCP service, configured via `https://rube.app/mcp`. The manifest declares a dependency on 'rube' but does not specify a version. This means the skill will always use the latest version of the Rube MCP service. If the Rube MCP service introduces breaking changes, vulnerabilities, or malicious functionality, the skill could be negatively impacted without explicit updates or user intervention. This lack of version pinning for an external service creates a supply chain risk. If possible, specify a version for the 'rube' MCP service in the skill's manifest or configuration. If the service supports versioned endpoints, use a specific version to ensure stability and security. Regularly review the external service for changes and update the skill's dependency accordingly. | Static | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/59ea2bd9ac7ba9c6)
Powered by SkillShield