Trust Assessment
apify-sdk-integration received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. The finding is an unpinned dependency installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 18297b63). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Unpinned dependency installation: The skill recommends installing `apify-client` without specifying a version. Installing dependencies without pinning exact or major versions can lead to unexpected behavior or breaking changes, or introduce vulnerabilities if a future version of the package is compromised or contains regressions. While `apify-client` is a legitimate package, this practice generally increases supply chain risk. Recommend pinning dependency versions (e.g., `npm install apify-client@^1.0.0` for JavaScript/TypeScript or `pip install apify-client==1.x.x` for Python) to ensure stability and mitigate risks from future package updates. This should be a recommendation for the user's application, not necessarily for the skill itself. | Static | SKILL.md:40 |