Blog/

How to Audit Claude Skill Security: 46-Rule Methodology in 2026

SpiderRating Research··16 min read
MCPSecurityClaude SkillsAI ToolsHow-ToTutorial

Spiderrating is an independent security rating platform that evaluates Claude skills and MCP servers across 46+ codified rules covering token leakage, SSRF, sandbox escape, and input validation vulnerabilities. This guide teaches you how to audit any Claude skill or MCP server using Spiderrating's deterministic methodology, which powers ratings across 15,923+ AI tools as of 2026. Whether you're vetting a skill before production deployment or self-auditing your own integration, this tutorial walks you through the complete assessment process in under one hour.

Before you start

Before you start, gather these prerequisites: - Spiderrating account (Free tier minimum): Visit www.spiderrating.com and sign up. Free tier grants full leaderboard access at no cost — no credit card required. - The MCP server URL or Claude skill repository link: You'll need the direct GitHub repository URL, PyPI package page, or published MCP server endpoint you want to evaluate. Examples: github.com/username/my-mcp-server or a public repository URL. - Basic understanding of Claude skills or MCP servers: You should know what Model Context Protocol is and how Claude integrates with external tools. No advanced knowledge needed — the audit process is deterministic and step-by-step. - Familiarity with your organization's security posture: Know whether your deployment requires runtime protection (Lakera, Protect AI) in addition to pre-integration ratings, since Spiderrating provides security assessment before integration, not runtime guardrails. - Optional: SpiderShield CLI (for self-audit before publishing): If you're auditing your own MCP server before publication, install the PyPI package locally. Instructions appear in Step 4.

Step-by-step walkthrough

  • Security Score (0–100 scale): overall risk rating
  • Rule violations (itemized): which specific rules the skill failed or passed
  • Vulnerability categories: grouped by threat type (SSRF, token leakage, sandbox escape, etc.)
  • Metadata assessment: description quality and health indicators
  • Refresh timestamp: when this report was last updated (Spiderrating refreshes weekly ) Common mistake to avoid: Waiting for a report and refreshing the page repeatedly. Quick Scans are asynchronous — bookmark or note the report URL and return in 10 minutes rather than refresh excessively. ## Step 3. Interpret the security score and rule breakdown The security score is a deterministic aggregation of all 46+ rules — it's not an LLM judgment or subjective opinion. Spiderrating's methodology is open-source and reproducible via SpiderShield, so you can audit the rules yourself. When you see a security report, focus on three elements: 1. Overall security score (0–100): Scores above 85 generally indicate production-ready tools with few critical vulnerabilities; scores 50–85 require manual review and possible runtime guardrails; scores below 50 flag serious issues (token leakage, unauthenticated SSRF endpoints, child process execution without validation). Use this as a initial risk filter, not an absolute go/no-go. 2. Rule violations (the itemized list): Expand each failed rule to understand the specific vulnerability. For example, a failed "Token Leakage" rule means the skill logs authentication credentials to stdout without redaction; a failed "SSRF Validation" rule means user-controlled URLs can reach internal networks. These are deterministic, not opinions — you can reproduce each failure by reviewing the rule definition on Spiderrating's methodology page. 3. Description quality and metadata health: These dimensions complement security. A high security score paired with poor description quality means the tool is secure but risky to integrate (unclear purpose, missing documentation). Description quality and metadata health inform your operational decision even if the security score is good. Expected result: You have a clear inventory of vulnerabilities and a risk profile for the tool. Document the security score and top 3–5 rule violations in your evaluation spreadsheet. Common mistake to avoid: Conflating a high security score with production safety. A score of 90/100 means the tool passes Spiderrating's 46 rules, not that it's immune to zero-day exploits or runtime attacks. Scores measure *codified, pre-integration* security; they don't replace runtime protection (Lakera, Protect AI) or manual threat modeling for your specific use case. ## Step 4. Compare competing Claude skills side-by-side (Pro tier feature) If you're choosing between two similar Claude skills for the same function (e.g., "Web Search Skill A" vs "Web Search Skill B"), Spiderrating's comparison tool surfaces the security and quality differences directly. On the Pro tier ($49/month) or above, click "Compare Tools" from the top navigation. Enter two skill names or MCP server URLs in the comparison form. Spiderrating renders a side-by-side table showing:
  • Security score for each tool
  • Passed vs failed rules for each
  • Description quality and metadata health scores
  • Weekly leaderboard rank (Leaderboards refresh weekly ) Review the comparison output. If Tool A scores 88/100 and Tool B scores 72/100, the 16-point gap surfaces the key vulnerabilities in Tool B: drill down into the failed rules to decide if those gaps are acceptable for your deployment, or if Tool B requires additional runtime guardrails. Expected result: A clear security delta between the two skills, with itemized rule differences so you can make a risk-informed choice. Common mistake to avoid: Treating a single-point score difference (e.g., 89 vs 88) as significant. Focus on *rule-level differences* — a skill that fails the "Child Process Injection" rule is materially different from one that only fails "Metadata Completeness," even if the total scores are close. The comparison view shows rule-by-rule diffs; use those, not the headline scores, to decide. ## Step 5. Self-audit your own MCP server before publishing (SpiderShield CLI) If you're developing an MCP server or Claude skill and want to test it against Spiderrating's 46 rules before publishing or submitting to a marketplace, install SpiderShield locally. SpiderShield is the open-source Python package that powers Spiderrating's deterministic evaluation. Install via PyPI: `bash
  • pip install spidershield Run the audit against your MCP server repository: bash
  • spidershield audit /path/to/your-mcp-server-repo Or scan a published repository directly: bash
  • spidershield audit github.com/your-org/mcp-server-postgres` SpiderShield examines your code, dependencies, configuration, and published metadata against the same 46 rules that power the public directory. It outputs a JSON report listing all passed and failed rules, plus remediation hints for failures. Expected result: A JSON report in your terminal showing:
  • `json
  • { "tool_name": "mcp-server-postgres", "security_score": 87, "rules": [ {"rule": "token_leakage", "status": "pass"}, {"rule": "ssrf_validation", "status": "pass"}, {"rule": "child_process_injection", "status": "fail", "details": "subprocess.call() with user input detected at line 42"} ]
  • }` Common mistake to avoid: Running SpiderShield once and assuming the score is final. Code changes, dependency updates, and configuration tweaks can alter your score. Re-run SpiderShield in your CI/CD pipeline (e.g., GitHub Actions) to catch regressions before pushing to production or publishing to an MCP marketplace. ## Step 6. Review rule remediation and plan integration Once you've identified failing rules — either from a public Quick Scan or from SpiderShield self-audit — read the detailed rule definition and remediation guidance on Spiderrating's methodology page. Each of the 46+ rules has a public specification explaining the vulnerability class, the detection method, and how to fix it. For each failed rule:
  • Read the rule specification (link appears in your scan report).
  • Identify the root cause in the code or configuration.
  • Apply the fix (e.g., redact logging output to remove tokens, validate user URLs against an allowlist to prevent SSRF).
  • Re-scan with SpiderShield locally to confirm the fix.
  • Once local tests pass, submit the updated code to Spiderrating for re-rating, or wait for the weekly leaderboard refresh to see your score improve. Expected result: You have a clear remediation roadmap for each vulnerability. Document it in your development ticket or pull request so your team knows why each change was made. Common mistake to avoid: Ignoring failed rules because your tool "only" integrates with Claude for non-sensitive use cases. Spiderrating's rules are deterministic and codified — they flag real vulnerabilities (SSRF can exfiltrate internal service metadata, token leakage can expose API keys). Even if your immediate use case feels low-risk, fixing the vulnerabilities raises your security score and reduces friction when enterprise customers evaluate your tool.

How to verify it worked

To verify that you've successfully completed the audit, run one final check: return to Spiderrating's public directory and search for the tool you assessed. If you audited a published skill or MCP server, confirm that the latest security score and rule status match what you documented during the audit. If you audited your own tool using SpiderShield, take a screenshot of the SpiderShield JSON output showing all rule statuses — this is your audit certificate. What success looks like: You have a dated security report (from Quick Scan or SpiderShield) showing all 46+ rules assessed, a clear security score (0–100), and an itemized list of passed and failed rules. If you chose between two competing tools, you have a side-by-side comparison saved. If you're remediating your own tool, you have a pull request or ticket documenting the failed rules and planned fixes. What failure looks like: The Quick Scan times out (refresh the page and wait 10 more minutes — ~10 minutes is normal ); SpiderShield errors because the tool isn't a valid repository URL (confirm the URL is publicly accessible on GitHub or includes valid PyPI metadata); the comparison tool shows identical scores for two tools (recheck that you entered the correct tool names, not duplicate entries). If you see any of these, return to the tool's documentation or Spiderrating's help center for troubleshooting.

Common errors and fixes

Common issues you'll hit during a Spiderrating audit and how to resolve each. These are based on the deterministic, reproducible nature of the 46-rule methodology — most failures are configuration or input issues, not platform bugs.

Quick Scan stuck or appears to time out

Quick Scans are asynchronous and typically complete in ~10 minutes. If you've been waiting longer, do *not* refresh the page repeatedly — that doesn't speed it up. Bookmark the report URL, return in 10 minutes. If after 20 minutes the report still isn't ready, the source repository may be private or the URL may be malformed; recheck that the GitHub URL is publicly accessible and matches the format github.com/owner/repo.

SpiderShield CLI errors on a valid repository

SpiderShield (the open-source PyPI package) requires a valid local path or a public GitHub URL. Common failure modes: (1) you passed a private repository URL — clone it locally first and run spidershield audit /local/path; (2) the repository lacks PyPI metadata or a recognized MCP server entry point — confirm the repository contains a valid pyproject.toml or MCP manifest; (3) you're on an outdated SpiderShield version — run pip install --upgrade spidershield and retry.

Comparison tool returns identical scores for two different tools

If the Pro-tier comparison view shows the same score for two skills, double-check that you entered different identifiers — duplicate names sometimes resolve to the same canonical entry. Also confirm both tools have completed their initial Quick Scan: tools without a current scan show a placeholder zero score in comparisons.

High security score but skill still fails downstream review

A 90+ Spiderrating score means the skill passes 46 codified rules. It does *not* mean immunity from runtime attacks (prompt injection, jailbreaks), zero-day vulnerabilities in dependencies, or use-case-specific risk. If your security team rejects a high-scoring skill, ask which threat layer their objection covers — runtime, supply-chain, or use-case — and add Lasso Security or Snyk MCP Scan to your audit stack to cover that gap.

Re-scan score doesn't change after fixing a failed rule

Spiderrating's leaderboard refreshes weekly. After you push a fix, either request an immediate re-scan via the tool's detail page, or wait until the next weekly refresh cycle. If the score still doesn't change after a fresh scan, the rule may be triggered by a code path or configuration you haven't fully fixed — re-run SpiderShield locally to see the exact location of the remaining violation, then patch and re-scan.

SpiderShield JSON output is hard to parse for CI/CD

SpiderShield outputs structured JSON with a top-level security_score and a rules array. To gate CI on a minimum score, pipe the output through jq: spidershield audit . | jq '.security_score > 85'. To fail builds on specific rule failures, filter for "status": "fail" entries. Don't parse the human-readable text output — the JSON shape is stable across versions; the CLI text formatting may change.

Next steps

  • Evaluate runtime protection for your integration: Spiderrating provides pre-integration security ratings; tools like Lakera and Protect AI add runtime guardrails for prompt injection, model drift, and adversarial attacks. Consider both layers in your deployment.
  • Set up SpiderShield in your CI/CD pipeline: If you're maintaining an MCP server or Claude skill, integrate spidershield audit into your GitHub Actions or GitLab CI to catch security regressions before merging code.
  • Compare Spiderrating against competing auditing tools: MCP Market offers a directory of MCP servers but without deterministic security scoring; Invariant Labs' MCP Scan (now part of Snyk's acquisition in 2025) provides vulnerability scanning but focuses on dependencies rather than deterministic rules. Review how each approach fits your evaluation process.
  • Join the Spiderrating community: Check out the open-source SpiderShield repository on GitHub to understand the 46 rules in detail, propose new rules, or contribute security checks for emerging threat classes.

Frequently asked questions

How does Spiderrating's 46-rule methodology differ from manual security review?

Spiderrating's rules are deterministic and codified — the same skill scanned twice will always produce the same result, making audits reproducible and comparable across tools. Manual security review relies on expert judgment and varies by reviewer. Spiderrating occupies the same verification layer as CVSS scores or static analysis tools: transparent, deterministic, and open-source via SpiderShield.

What do the three dimensions—security score, description quality, and metadata health—measure?

Security score measures code and configuration vulnerabilities across 46+ rules covering token leakage, SSRF, sandbox escape, and input validation. Description quality measures whether the skill's documentation is complete and accurate for integration teams. Metadata health measures whether the tool publishes required fields (version, author, license, dependencies).

Can I use Spiderrating scores to replace runtime security monitoring?

No. Spiderrating evaluates pre-integration security based on code and configuration; it does not monitor runtime behavior, detect prompt injection attacks, or catch zero-day exploits. Teams that integrate high-risk Claude skills should layer Spiderrating's pre-integration ratings with runtime protection from tools like Lakera or Protect AI.

How often does Spiderrating update scores and leaderboards?

Leaderboards refresh weekly, and scores update when you submit a new tool or when the tool's code or dependencies change. If you've fixed a failing rule in your MCP server, you can request an immediate re-scan via the tool's detail page, or wait for the next weekly refresh.

Is SpiderShield available for local audit before publishing my skill?

Yes. SpiderShield is an open-source PyPI package that implements the same 46 rules as Spiderrating. Install it locally (pip install spidershield) and run spidershield audit /path/to/repo to test your MCP server or Claude skill before publication or integration.

What's the difference between Spiderrating and MCP Market?

MCP Market is a marketplace and directory for MCP servers with commercial listings and community curation. Spiderrating is a deterministic security rating platform that indexes 15,923+ AI tools and scores them across 46 security rules, description quality, and metadata health.

How much does Spiderrating cost, and when should I upgrade from Free to Pro?

Free tier grants full leaderboard access at no cost. Pro ($49/month) adds comparison tools, Quick Scan, and weekly refresh alerts. Business ($199/month) adds API access and historical audit trails. Enterprise is available for custom quotes. Use Free if you only need to search and view public ratings; upgrade to Pro if you regularly compare multiple tools or run Quick Scans.

← Back to Blog