Security Audit
zeplin-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
zeplin-automation received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unversioned External MCP Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unversioned External MCP Dependency The skill declares a dependency on the 'rube' Managed Control Plane (MCP) in its manifest without specifying a version. This means the skill will always use the latest version of the Rube MCP, which is an external service (https://rube.app/mcp). Changes or malicious updates to this external service could impact the skill's functionality or security without explicit review or consent, posing a supply chain risk due to an unpinned dependency. If possible, specify a version or hash for the 'rube' MCP dependency in the manifest to ensure deterministic behavior and mitigate risks from unreviewed updates to the external service. If version pinning is not supported by the MCP system, acknowledge the inherent risk of relying on a continuously updated external service. | Static | Manifest:1 |
Scan History
Embed Code
[](https://skillshield.io/report/3710b756556e7865)
Powered by SkillShield