Trust Assessment
slack-gif-creator received a trust score of 27/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 3 high, 4 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned Python dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on July 1, 2026 (commit 35414756). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/slack-gif-creator/core/easing.py:5 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/slack-gif-creator/core/frame_composer.py:5 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/slack-gif-creator/core/gif_builder.py:5 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/slack-gif-creator/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'imageio>=2.31.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/slack-gif-creator/requirements.txt:2 | |
| MEDIUM | Unpinned Python dependency version Requirement 'imageio-ffmpeg>=0.4.9' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/slack-gif-creator/requirements.txt:3 | |
| MEDIUM | Unpinned Python dependency version Requirement 'numpy>=1.24.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/slack-gif-creator/requirements.txt:4 |
Scan History
Embed Code
[](https://skillshield.io/report/782267958d1e7fb4)
Powered by SkillShield