Security Audit
speculative-decoding
github.com/davila7/claude-code-templates
Trust Assessment
speculative-decoding received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 0 high, 3 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Direct GitHub Clone and Editable Install.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| MEDIUM | Direct GitHub Clone and Editable Install: The skill instructs users to directly clone a GitHub repository (`git clone`) and then install it in editable mode (`pip install -e .`). This practice introduces a supply chain risk as it bypasses standard package manager integrity checks and relies solely on the security of the remote GitHub repository. A compromise of the GitHub repository could lead to the execution of arbitrary malicious code on the user's system. While the specified repositories (FasterDecoding/Medusa, hao-ai-lab/LookaheadDecoding) are associated with legitimate research, this installation method is less secure than installing from a trusted package index with version pinning and integrity hashes. For production or more secure environments, consider packaging these dependencies and hosting them on a private package index, or at minimum, providing specific commit hashes for `git clone` and instructions for a non-editable install from a local archive. If possible, encourage installation from PyPI or other trusted package managers once the projects are stable. | Static | SKILL.md:29 |
| MEDIUM | Direct GitHub Clone and Editable Install: The skill instructs users to directly clone a GitHub repository (`git clone`) and then install it in editable mode (`pip install -e .`). This practice introduces a supply chain risk as it bypasses standard package manager integrity checks and relies solely on the security of the remote GitHub repository. A compromise of the GitHub repository could lead to the execution of arbitrary malicious code on the user's system. While the specified repositories (FasterDecoding/Medusa, hao-ai-lab/LookaheadDecoding) are associated with legitimate research, this installation method is less secure than installing from a trusted package index with version pinning and integrity hashes. For production or more secure environments, consider packaging these dependencies and hosting them on a private package index, or at minimum, providing specific commit hashes for `git clone` and instructions for a non-editable install from a local archive. If possible, encourage installation from PyPI or other trusted package managers once the projects are stable. | Static | SKILL.md:34 |
| LOW | Covert behavior / concealment directives: Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |