Security Audit
documentation-lookup
github.com/affaan-m/everything-claude-codeTrust Assessment
documentation-lookup received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential sensitive data exposure via external tool calls.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 20, 2026 (commit 9a478ad6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Potential sensitive data exposure via external tool calls The skill instructs the agent to pass the user's full question (`query`) directly to external tools (`resolve-library-id` and `query-docs`). While a 'Best Practice' advises redacting sensitive data (API keys, passwords, tokens, etc.), this relies on the agent's interpretation and execution, which is not a guaranteed programmatic safeguard. This creates a risk that sensitive user information present in the query could be inadvertently transmitted to the third-party Context7 MCP service. Implement a robust, programmatic sanitization or redaction step for user queries *before* they are passed to external tools. This could involve using a dedicated function or a predefined set of regex patterns to identify and remove common sensitive data patterns. Alternatively, consider if the full user query is strictly necessary for the tool, or if a sanitized version would suffice. The agent should not rely solely on its own interpretation for sensitive data handling. | LLM | SKILL.md:89 |
Scan History
Embed Code
[](https://skillshield.io/report/ca11ffdc3467151e)
Powered by SkillShield