Trust Assessment
cellcog received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Python dependency in manifest.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit b520750d). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned Python dependency in manifest The `install` section in the manifest specifies `pip: "cellcog"` without a version pin. This allows for automatic updates to potentially incompatible or malicious versions of the `cellcog` package, introducing a supply chain risk. An attacker could publish a malicious package with a higher version number, which would then be installed. Pin the dependency to a specific major or minor version, e.g., `"pip": "cellcog==1.2.3"` or `"pip": "cellcog~=1.2"`. | Unknown | Manifest |
Scan History
Embed Code
[](https://skillshield.io/report/55a4f6c470b335b4)
Powered by SkillShield