Trust Assessment
pod-cog received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Dependency in Manifest.
The analysis covered 4 layers: llm_behavioral_safety, manifest_analysis, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit b520750d). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned Dependency in Manifest The skill's manifest specifies a dependency ('cellcog') without a version constraint. This means that any future update to the 'cellcog' skill, even a breaking or malicious one, could be automatically pulled in without explicit review, potentially introducing vulnerabilities or unexpected behavior into 'pod-cog'. Pin the 'cellcog' dependency to a specific major or minor version (e.g., 'cellcog==1.0.0' or 'cellcog~=1.0') in the manifest to ensure predictable behavior and prevent unintended updates. Regularly review and manually update dependencies. | Unknown | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/240db2cf43835262)
Powered by SkillShield