Security Audit
amplitude-automation
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
amplitude-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is that the skill documentation implies use of a generic connection management tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Skill documentation implies use of generic connection management tool. The skill's documentation for 'amplitude-automation' instructs the agent to use `RUBE_MANAGE_CONNECTIONS` for setting up the Amplitude connection. While the documentation specifies using it with `toolkit: 'amplitude'`, `RUBE_MANAGE_CONNECTIONS` is a generic tool provided by the Rube MCP. If the agent is granted access to this generic tool without strict parameter-level scoping (e.g., restricting the `toolkit` parameter to only `amplitude`), it could potentially be exploited to manage connections for other services supported by Rube MCP, exceeding the stated scope of the 'amplitude-automation' skill. Ensure that when the `amplitude-automation` skill is active, the agent's access to `RUBE_MANAGE_CONNECTIONS` is strictly scoped to only allow `toolkit: 'amplitude'`. Alternatively, Rube MCP could provide a more specific `AMPLITUDE_MANAGE_CONNECTION` tool that only handles Amplitude connections. | LLM | SKILL.md:16 |