Trust Assessment
tushare-api received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned Python dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 1, 2026 (commit d9778b27). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned Python dependency: The skill implicitly depends on the `tushare` Python package, as indicated by import statements in the provided scripts. However, there is no `requirements.txt` or `pyproject.toml` file specifying a pinned version for this dependency. This can lead to supply chain risks, as installing the latest version of `tushare` might introduce breaking changes, unexpected behavior, or security vulnerabilities if a future version is compromised or a typosquat package is installed. Recommendation: Add a `requirements.txt` file or `pyproject.toml` to the skill package, explicitly pinning the version of `tushare` (e.g., `tushare==X.Y.Z` or `tushare~=X.Y`). This ensures that a consistent and tested version of the dependency is used. | Static | scripts/analyze_bank_stocks.py:8 |