Trust Assessment
brevo-automation received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad Brevo API Access via Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Broad Brevo API Access via Rube MCP The skill provides extensive access to Brevo (Sendinblue) email marketing functionalities, including the ability to list, create, update, and delete email campaigns and templates, as well as list senders. This level of access, while necessary for the skill's stated purpose of 'Brevo Automation', means that a compromised or misdirected LLM could potentially send unauthorized emails, modify existing campaigns with malicious content, or delete critical marketing assets. The skill effectively grants full control over the connected Brevo account's email marketing operations. Implement robust input validation and user confirmation steps within the LLM's workflow, especially for destructive actions (e.g., deleting campaigns/templates) or actions with high impact (e.g., sending emails). Ensure the LLM strictly adheres to user intent and does not deviate into unauthorized actions. Consider implementing a 'human-in-the-loop' for sensitive operations. If possible, use Brevo API keys with the principle of least privilege, granting only the minimum necessary permissions for specific sub-tasks. | LLM | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/fb8d2742c2d24869)
Powered by SkillShield