Trust Assessment
langsmith-fetch received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Dependency Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 16, 2026 (commit ccf6204f). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned Dependency Installation: The skill instructs the installation of a Python package (`langsmith-fetch`) without specifying a version. This can lead to supply chain risks, as future versions of the package might introduce vulnerabilities, breaking changes, or unexpected behavior. It also makes the build non-deterministic. Pin the dependency to a specific version (e.g., `pip install langsmith-fetch==X.Y.Z`) to ensure deterministic installations and prevent unexpected changes from new versions. Consider using a virtual environment for installations to isolate dependencies. | Static | SKILL.md:26 |