Trust Assessment
clanker received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned dependencies in installation instructions.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 66de0a1e). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned dependencies in installation instructions The installation instructions for the `clanker-sdk` and `viem` packages do not specify version numbers. This practice can lead to supply chain vulnerabilities, as installing the 'latest' version might inadvertently pull in malicious code if the package repository is compromised, or introduce breaking changes that affect the skill's functionality. This could potentially compromise user private keys or funds if a malicious version of `clanker-sdk` or `viem` were installed. Always specify exact versions or use version ranges (e.g., `clanker-sdk@^1.0.0 viem@^2.0.0`) for all dependencies in installation instructions and any `package.json` files. This ensures predictable and secure dependency resolution. | Unknown | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/8b447dee259d9740)
Powered by SkillShield