Security Audit
huggingface-tokenizers
github.com/davila7/claude-code-templatesTrust Assessment
huggingface-tokenizers received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 0 high, 1 medium, and 3 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Unpinned Dependencies in Installation Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 | |
| LOW | Unpinned Dependencies in Installation Instructions The installation instructions in SKILL.md recommend installing Python packages ('tokenizers', 'transformers') without specifying exact versions. This practice can lead to supply chain vulnerabilities if a malicious or incompatible version of these packages is published in the future. It's best practice to pin dependencies to specific versions or at least major versions to ensure reproducibility and security. Pin dependencies to specific versions (e.g., `pip install tokenizers==0.20.0 transformers==4.30.0`) or at least major versions (e.g., `pip install 'tokenizers<0.21'`) in the installation instructions. This helps prevent unexpected behavior or security vulnerabilities from future package updates. | Static | SKILL.md:40 | |
| LOW | Unpinned Dependencies in Manifest The skill's manifest lists dependencies ('tokenizers', 'transformers', 'datasets') without specifying exact versions. This can lead to supply chain vulnerabilities if a malicious or incompatible version of these packages is published. While common for general descriptions, for robust security and reproducibility, dependencies should ideally be pinned. Specify exact versions for all dependencies in the `dependencies` array within the manifest (e.g., `"tokenizers==0.20.0"`). This ensures that the skill always uses tested and known-good versions of its dependencies, mitigating risks from future updates or malicious package releases. | Static | manifest.json:1 |
Scan History
Embed Code
[](https://skillshield.io/report/b9f601a59cf1256f)
Powered by SkillShield