Security Audit
deploy-react-frontend
github.com/algorand-devrel/algorand-agent-skills
Trust Assessment
deploy-react-frontend received a trust score of 97/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Unpinned Dependencies in Installation Command.
The analysis covered 4 layers: dependency_graph, llm_behavioral_safety, static_code_analysis, manifest_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit aafc1c60). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Unpinned Dependencies in Installation Command: The skill provides `npm install` commands without pinning package versions. This practice can expose the user to supply chain attacks if a dependency is compromised in a future update. An attacker could publish a malicious version, and users following these instructions would automatically install it, leading to potential code execution on the developer's machine. For production or security-sensitive environments, it's recommended to pin dependencies. The instructions could be amended to suggest creating a `package.json` and using `npm ci` with a `package-lock.json` file, or at least mentioning the importance of reviewing and locking dependency versions. | Unknown | SKILL.md:47 |