Security Audit
bitbucket-automation
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
bitbucket-automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned dependency on 'rube'.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned dependency on 'rube' The skill manifest specifies a dependency on the 'rube' package without a pinned version. This can lead to unexpected behavior, breaking changes, or the introduction of vulnerabilities if future versions of 'rube' are incompatible or malicious. An attacker could potentially introduce malicious code into a new version of 'rube', which would then be automatically pulled by this skill without explicit review. Pin the 'rube' dependency to a specific version (e.g., `"rube": ["rube@1.2.3"]`) or a version range (e.g., `"rube": ["rube@^1.0.0"]`) to ensure stability and security. Regularly review and update pinned dependencies. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/8f982c091a38ba91)
Powered by SkillShield