Trust Assessment
think-cog received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Skill Dependency.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit b520750d). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned Skill Dependency The skill declares a dependency on 'cellcog' without specifying a version. This 'unpinned' dependency means that any future updates to the 'cellcog' skill, including potentially breaking changes or malicious code, would be automatically incorporated without explicit review. This introduces a supply chain risk, as the behavior and security of 'think-cog' become entirely reliant on the upstream 'cellcog' skill's integrity at the time of installation or update. Pin the 'cellcog' skill dependency to a specific version (e.g., `"cellcog@1.2.3"`) or a version range (e.g., `"cellcog@^1.0.0"`) to ensure predictable behavior and mitigate risks from unexpected or malicious updates. Regularly review and update pinned dependencies. | Unknown | Manifest (frontmatter JSON):1 |
Scan History
Embed Code
[](https://skillshield.io/report/3f5bbc48c62fd7ba)
Powered by SkillShield