Security Audit
ferminrp/agent-skills:skills/mapcn
github.com/ferminrp/agent-skills
Trust Assessment
ferminrp/agent-skills:skills/mapcn received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The finding is an unpinned dependency in the installation command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 24, 2026 (commit 84b0da63). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned dependency in installation command. The installation command `npx shadcn@latest add @mapcn/map` uses `@latest` for the `shadcn` CLI. This means the exact version of the CLI is not pinned, which can lead to non-deterministic installations. If a future version of the `shadcn` CLI or its dependencies introduces breaking changes or malicious code, it could affect projects using this installation method. While `shadcn` components are typically copied, the CLI itself is executed. Recommend pinning the `shadcn` CLI version to a specific, known-good version (e.g., `npx shadcn@1.0.0 add @mapcn/map`) to ensure deterministic installations and mitigate risks from future malicious updates to the CLI. | Static | SKILL.md:40 |