Trust Assessment
chdb-datastore received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Dependency in Installation Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on May 1, 2026 (commit d2841614). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned Dependency in Installation Instructions: The skill's installation instructions and manifest recommend `pip install chdb` without specifying a version. This introduces a supply chain risk, as a future malicious or buggy update to the `chdb` package could be automatically installed, compromising the agent's environment or data. It also makes builds non-deterministic. Pin the dependency to a specific version or version range (e.g., `pip install chdb==X.Y.Z` or `pip install 'chdb>=X.Y.Z,<A.B.C'`) to ensure deterministic and secure installations. Update the manifest and any installation instructions accordingly. | Static | SKILL.md:20 |