Security Audit

airtable-automation

github.com/sickn33/antigravity-awesome-skills

AI SkillCommit e36d6fd3b3f6

CRITICAL

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

airtable-automation received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Dependency on External Rube MCP Service, Broad Airtable Access via Rube MCP.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

78%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Excessive Permissions

2 findings

Security Findings2

Severity	Finding	Layer	Location
HIGH	Dependency on External Rube MCP Service The skill explicitly depends on an external Managed Control Plane (MCP) service hosted at `https://rube.app/mcp`. This service is responsible for handling tool execution and potentially authentication for Airtable. A compromise of the `rube.app` service or vulnerabilities within the MCP could lead to unauthorized access or manipulation of Airtable data, or other security breaches. The skill delegates significant control and trust to this third-party service. Thoroughly vet the security practices and trustworthiness of `rube.app` and its Composio toolkit. Implement network policies to restrict communication to only necessary endpoints. Monitor for any unusual activity originating from or directed towards the MCP. Understand the full scope of data and control delegated to the MCP.	Static	SKILL.md:21
MEDIUM	Broad Airtable Access via Rube MCP The skill provides comprehensive access to Airtable functionalities, including creating, reading, updating, and deleting records, as well as managing base schemas, fields, and comments. While this is the intended purpose of an 'automation' skill, it represents a high-privilege capability. If an attacker gains control of the agent and can invoke this skill, they could perform arbitrary data manipulation or exfiltration within the connected Airtable account. Users should be fully aware of the broad access granted by this skill to their Airtable account. Implement strict access control policies for the agent and its ability to invoke this skill. Consider using separate Airtable accounts or bases with more granular permissions if different agent functionalities require varying levels of access. Ensure robust monitoring for any unauthorized or anomalous Airtable activity.	Static	SKILL.md:37

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/237f64f3ae832671.svg)](https://skillshield.io/report/237f64f3ae832671)