Trust Assessment
Scrappa MCP received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad access to sensitive external services via single API key.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Broad access to sensitive external services via single API key The skill provides access to over 80 external tools covering a wide range of sensitive data, including personal profiles (LinkedIn), search history (Google, YouTube), shopping habits (Amazon, Vinted), location data (Google Maps, Flights, Hotels), and business reviews (Trustpilot, Kununu). All these tools are accessed via a single external Model Context Protocol (MCP) server (`scrappa.co/mcp`) authenticated by a single API key. This broad scope of access, managed by a single credential, significantly increases the attack surface. A compromise of the API key or the `scrappa.co` service could lead to widespread data exposure or manipulation across multiple sensitive domains. Consider if all 80+ tools are strictly necessary for the skill's core function. Implement granular access controls or separate API keys for different categories of tools if possible. Users should be made explicitly aware of the extensive data access capabilities and the implications of using a single API key for such a broad range of services. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/c7f28c4fb0679dca)
Powered by SkillShield