Trust Assessment
frontend-design received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The findings are "Missing required field: name" and "Excessive Permissions Declared".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Excessive Permissions Declared.** The skill declares broad filesystem permissions (Read, Write, Edit, Glob, Grep) in its manifest. While the skill's content is a design rubric and its examples are non-executable, granting such extensive access to an AI agent poses a significant security risk. A compromised agent or a malicious instruction could leverage these permissions to read, modify, or delete arbitrary files, or exfiltrate sensitive data from the host system. For a skill that primarily provides design guidelines, these permissions appear to be overly broad. Review and restrict the `allowed-tools` permissions to the absolute minimum necessary for the skill's intended function. If this skill is purely descriptive and does not require direct filesystem interaction, consider removing all filesystem-related permissions. | LLM | Manifest |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave-frontend/skills/frontend-design/SKILL.md:1 |