Security Audit

capmetro-skill

github.com/brianleach/capmetro-skill

AI SkillCommit 1a831030a4d2

TRUSTED

Scanned 3 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

capmetro-skill received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.

SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version.

The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 17, 2026 (commit 1a831030). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

93%

LLM Behavioral Safety

100%

Security Findings1

Severity	Finding	Layer	Location
MEDIUM	Unpinned npm dependency version Dependency 'protobufjs' is not pinned to an exact version ('^8.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk.	Unknown	/tmp/skillscan-clone-psxl7x48/repo/package.json

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/d7d904417879e5e9.svg)](https://skillshield.io/report/d7d904417879e5e9)