Trust Assessment
3d-web-experience received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 0 high, 3 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, and Potential Command Injection via Shell Command Example.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| MEDIUM | Potential Command Injection via Shell Command Example: The skill provides a shell command example for `gltf-transform`. If the LLM is instructed to generate and execute this command with user-controlled input for filenames (e.g., `input.glb`, `output.glb`), and the LLM's execution environment does not properly sanitize or escape these inputs, it could lead to command injection. An attacker could craft a malicious filename to execute arbitrary commands on the host system. When generating shell commands based on user input, ensure all user-provided arguments are strictly validated and properly escaped or quoted to prevent command injection. If direct execution of generated commands is enabled, consider sandboxing the execution environment or using safer APIs that do not directly invoke a shell. | Static | SKILL.md:90 |
| MEDIUM | Unpinned Dependency in Installation Instruction: The skill suggests installing `@gltf-transform/cli` using `npm install -g @gltf-transform/cli` without specifying a version. This practice can introduce supply chain risks, as a future malicious update to the package could be installed automatically. Additionally, if an attacker could trick the LLM into suggesting a typosquatted package name, it could lead to the installation of malicious software. When providing installation instructions for dependencies, always recommend pinning to a specific, known-good version (e.g., `npm install -g @gltf-transform/cli@1.2.3`). Advise users to verify package integrity and source before installation. The LLM should also be trained to warn users about the risks of unpinned dependencies and typosquatting. | Static | SKILL.md:87 |
| LOW | Covert behavior / concealment directives: Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |