Trust Assessment
planning-with-files received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 1 low severity. Key findings include Dangerous tool allowed: Bash, Excessive Permissions Declared.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 3e75fabd). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Dangerous tool allowed: Bash The skill allows the 'Bash' tool without constraints. This grants arbitrary command execution. Remove unconstrained shell/exec tools from allowed-tools, or add specific command constraints. | Unknown | /tmp/skillscan-clone-gxmqu10d/repo/skills/planning-with-files/SKILL.md:1 | |
| LOW | Excessive Permissions Declared The skill declares 'WebFetch' and 'WebSearch' permissions in its manifest, but these tools are not utilized or justified by the provided skill code or scripts. Declaring unnecessary permissions grants the AI agent broader capabilities than required, increasing the attack surface if the agent were to be compromised or misused. Remove 'WebFetch' and 'WebSearch' from the 'allowed-tools' list in the manifest if they are not strictly necessary for the skill's functionality as implemented. Only declare permissions that are directly used and justified by the skill's code. | Unknown | Manifest:1 |
Scan History
Embed Code
[](https://skillshield.io/report/12443ef6d08a81fb)
Powered by SkillShield