Security Audit
reddit-automation
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
reddit-automation received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are "Unpinned Dependency in Skill Manifest" and "Excessive Permissions: Broad Destructive Capabilities".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned Dependency in Skill Manifest. The skill's manifest specifies a dependency on 'rube' within the 'mcp' ecosystem but does not pin a specific version. This means that any new version of the 'rube' MCP could be pulled, including potentially malicious or vulnerable updates, without explicit review. This introduces a supply chain risk where a compromise of the 'rube' project could directly impact users of this skill. Pin the 'rube' dependency to a specific, known-good version in the skill's manifest (e.g., `"rube": "1.2.3"`) to prevent unexpected or malicious updates. Regularly review and update pinned versions. | LLM | SKILL.md |
| HIGH | Excessive Permissions: Broad Destructive Capabilities. The skill grants access to a wide range of Reddit management tools, including highly destructive actions such as `REDDIT_DELETE_REDDIT_POST` and `REDDIT_DELETE_REDDIT_COMMENT`. While these are intended functionalities, providing an AI agent with such broad capabilities without fine-grained control or explicit user confirmation for sensitive actions (like deletion) poses a significant risk. A compromised agent could be used to delete a user's entire Reddit history, post spam, or spread misinformation. Implement granular permission controls within the agent's execution environment, requiring explicit user confirmation for destructive actions (e.g., deletion). Consider breaking down the skill into smaller, more focused skills with limited scopes, or providing options to disable certain high-risk functionalities. | LLM | SKILL.md:100 |