Trust Assessment
adaptyv received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 0 high, 2 medium, and 2 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Unpinned dependencies in installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| MEDIUM | Potential for `webhook_url` abuse via prompt injection The example code for submitting an experiment includes a `webhook_url` parameter. If the host LLM is prompted to dynamically generate or fill this URL based on untrusted user input or internal LLM state, it could be coerced into sending sensitive data to an attacker-controlled endpoint (data exfiltration) or performing Server-Side Request Forgery (SSRF) against internal services accessible to the LLM's execution environment. While the provided example uses a placeholder, the mechanism exists for potential abuse. When generating code that uses this skill, the host LLM should validate any `webhook_url` provided by the user or generated internally. This validation could include whitelisting allowed domains, sanitizing the URL, or explicitly confirming the URL with the user before execution. The skill documentation could also add a warning about providing untrusted URLs. | Static | SKILL.md:50 | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 | |
| LOW | Unpinned dependencies in installation instructions The skill's installation instructions recommend installing `requests` and `python-dotenv` without specifying version pins. This can lead to supply chain vulnerabilities if a future version of these packages introduces malicious code or breaking changes. It also makes the skill less reproducible. Pin dependencies to specific, known-good versions (e.g., `requests==2.28.1 python-dotenv==0.21.0`) or use a lock file mechanism to ensure consistent and secure installations. | Static | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/261b0806a5e0b656)
Powered by SkillShield