Security Audit
claude-dev-suite/claude-dev-suite:skills/api-design/rest-api
github.com/claude-dev-suite/claude-dev-suiteTrust Assessment
claude-dev-suite/claude-dev-suite:skills/api-design/rest-api received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Undeclared tool usage in skill content.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 16, 2026 (commit 8c8434ef). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Undeclared tool usage in skill content The skill's content instructs the LLM to use the `mcp__documentation__fetch_docs` tool. However, this tool is not listed in the `allowed-tools` section of the manifest, which explicitly declares only `Read, Grep, Glob`. Attempting to use tools not explicitly allowed bypasses the declared permission model and could lead to unintended actions or access to unauthorized capabilities. Either add `mcp__documentation__fetch_docs` to the `allowed-tools` list in the skill's manifest if its usage is intended and safe, or remove the instruction to use this tool from the `SKILL.md` content. | Static | SKILL.md:5 |
Scan History
Embed Code
[](https://skillshield.io/report/31a5d8276b3a79b1)
Powered by SkillShield