Trust Assessment
video-cog received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Dependency in Manifest.
The analysis covered 4 layers: llm_behavioral_safety, manifest_analysis, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit b520750d). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned Dependency in Manifest The skill's manifest declares a dependency on 'cellcog' without specifying a version. This 'unpinned' dependency can lead to supply chain risks. If a future version of 'cellcog' introduces breaking changes, vulnerabilities, or malicious code, the 'video-cog' skill could unknowingly inherit these issues upon installation or update, potentially compromising the agent's security or stability. Pin the dependency to a specific version or a version range (e.g., `"cellcog==1.2.3"` or `"cellcog>=1.0.0,<2.0.0"`) in the `dependencies` array within the skill's manifest. This ensures that the skill always uses a tested and known-good version of the dependency, preventing unexpected behavior or security regressions from upstream changes. | Unknown | SKILL.md:3 |
Scan History
Embed Code
[](https://skillshield.io/report/eacded03dfd29f1e)
Powered by SkillShield