Security Audit
deploy-react-frontend
github.com/algorand-devrel/algorand-agent-skills
Trust Assessment
deploy-react-frontend received a trust score of 97/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Unpinned Dependencies in Installation Command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit aafc1c60). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Unpinned Dependencies in Installation Command: The skill provides `npm install` commands without pinning package versions. This practice can expose the user to supply chain attacks if a dependency is compromised in a future update. An attacker could publish a malicious version, and users following these instructions would automatically install it, leading to potential code execution on the developer's machine. For production or security-sensitive environments, it's recommended to pin dependencies. The instructions could be amended to suggest creating a `package.json` and using `npm ci` with a `package-lock.json` file, or at least mentioning the importance of reviewing and locking dependency versions. | Static | SKILL.md:47 |