Trust Assessment
local-skills-mcp-guide received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 4 critical, 3 high, 0 medium, and 0 low severity. Key findings include "File read + network send exfiltration", "Sensitive path access: AI agent config", and "Skill attempts to define LLM's persona and task".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on April 1, 2026 (commit d7538ceb). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | File read + network send exfiltration: AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/local-skills-mcp-guide/SKILL.md:63 |
| CRITICAL | File read + network send exfiltration: AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/local-skills-mcp-guide/SKILL.md:117 |
| CRITICAL | File read + network send exfiltration: AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/local-skills-mcp-guide/SKILL.md:154 |
| CRITICAL | Skill attempts to define LLM's persona and task. The skill content directly instructs the host LLM on its role and how it should behave when interacting with users regarding the `local-skills-mcp` codebase. Phrases like 'Your task is to help users understand...' and 'When helping users navigate the Local Skills MCP codebase, always:' are direct commands to the LLM, attempting to manipulate its persona and conversational flow. This is a form of prompt injection, even if the intent is to make the LLM a better guide for this specific repository. Rephrase the skill content to be purely descriptive information about the `local-skills-mcp` repository, rather than direct instructions to the LLM. The LLM should infer its role from the content, not be explicitly told what its task is. For example, instead of 'Your task is to help users...', the skill could start with 'This document provides a guide to the Local Skills MCP server repository...' and then describe the content. The 'When helping users...' sections should be rephrased as 'Key points for contributing include...' or 'Important considerations when navigating the codebase are...' | LLM | SKILL.md:5 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/local-skills-mcp-guide/SKILL.md:63 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/local-skills-mcp-guide/SKILL.md:117 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/local-skills-mcp-guide/SKILL.md:154 |