Trust Assessment
gget received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Direct Credential Input for Third-Party Tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Direct Credential Input for Third-Party Tool.** The skill's documentation (`SKILL.md`) explicitly instructs users to provide sensitive credentials (email, password, and API keys) directly on the command line for the `gget cosmic` and `gget gpt` modules. While the provided Python scripts do not directly handle these credentials, the `gget` tool, which is the subject of this skill, is designed to accept them. This poses a significant credential harvesting risk if the `gget` tool itself or its underlying dependencies are compromised or malicious, as the credentials would be passed directly to an external, untrusted component. Advise users to store credentials securely (e.g., environment variables, secure configuration files) and ensure the `gget` tool handles them safely. If possible, integrate with a secrets management system. Clearly warn users about the risks of providing credentials to third-party tools. | LLM | SKILL.md:480 |
| HIGH | **Direct API Key Input for Third-Party Tool.** The skill's documentation (`SKILL.md`) explicitly instructs users to provide an OpenAI API key directly on the command line for the `gget gpt` module. This poses a significant credential harvesting risk if the `gget` tool itself or its underlying dependencies are compromised or malicious, as the API key would be passed directly to an external, untrusted component. Additionally, exposing API keys directly in command-line history can be a security vulnerability. Advise users to store API keys securely (e.g., environment variables, secure configuration files) and ensure the `gget` tool handles them safely. If possible, integrate with a secrets management system. Clearly warn users about the risks of exposing API keys. | LLM | SKILL.md:508 |
| MEDIUM | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| MEDIUM | **Unpinned Dependencies in Installation Instructions.** The installation instructions in `SKILL.md` recommend `uv pip install gget` and `uv pip install openmm`. These commands install packages from public repositories without specifying exact versions (i.e., unpinned dependencies). This introduces a supply chain risk where a compromised or malicious version of `gget` or `openmm` (or their transitive dependencies) could be installed, potentially leading to arbitrary code execution or data exfiltration. While `uv` provides some integrity checks, relying on the latest version without explicit pinning increases the risk surface. Pin all dependencies to specific, known-good versions (e.g., `uv pip install gget==X.Y.Z`). Regularly review and update these pinned versions to incorporate security patches while maintaining control over the installed software. | LLM | SKILL.md:26 |
| LOW | **Covert behavior / concealment directives.** Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |