Trust Assessment
24konbini received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The single finding is Unpinned CLI Tool Dependency (high).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned CLI Tool Dependency | LLM Behavioral Safety | skill.md:300 |

Unpinned CLI Tool Dependency (HIGH, skill.md:300). The skill instructs the agent to execute the `konbini` CLI tool with `npx`. The command `npx konbini` specifies no version, so unless a copy of `konbini` is already installed in the local project, `npx` fetches and runs whatever version is currently tagged `latest` on the npm registry. This is a supply chain risk: a compromised or malicious update to the `konbini` package would be executed on the agent's system with no review of the new version and no explicit consent from the user.

Recommendation: pin an exact version when invoking via `npx` (e.g., `npx konbini@2.2.0`) so execution is deterministic and an automatic upgrade to a potentially malicious release cannot happen. Note that a pinned `npx` spec fixes only the `konbini` version itself; its transitive dependencies are still resolved from the registry at install time according to the package's own version ranges. For a stronger guarantee, declare `konbini` as a pinned dependency of the project with a committed lockfile (so integrity hashes are checked) and run the locally installed binary. Review and update the pinned version periodically, after verifying the integrity of the new release.
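A check a practitioner can run over a skill file before an agent executes it, added here as an example and not part of the SkillShield report or of the `konbini` project: it extracts `npx` invocations from the text, handles the `-p`/`--package` forms and scoped packages, and flags any whose package spec is not an exact version. The skill text below is constructed sample input, not the scanned `skill.md`, and the handling of other `npx` flags as bare (valueless) flags is a simplifying assumption.

```javascript
// Added example: flag unpinned `npx <package>` invocations in a skill file.
// The sample below is constructed input, not the scanned skill.md.
const SAMPLE_SKILL_MD = [
  '## Usage',
  'Run the tool with:',
  '```',
  'npx konbini --help',                          // unpinned: no version
  'npx konbini@2.2.0 sync',                      // pinned to an exact version
  'npx konbini@^2 sync',                         // range: resolves to the newest 2.x
  'npx -y @scope/cli@1.4.2 build',               // scoped package, pinned
  'npx --package=konbini@2.2.0 -- konbini sync', // pinned via --package
  'npx -p konbini build',                        // unpinned via -p
  '```',
].join('\n');

// Exact semver: MAJOR.MINOR.PATCH with optional prerelease/build metadata.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Split "name@version" or "@scope/name@version" into its parts.
function splitSpec(spec) {
  const at = spec.lastIndexOf('@');
  if (at <= 0) return { name: spec, version: null }; // no version, or a bare scoped name
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Decide whether a package spec resolves deterministically.
function classifySpec(spec) {
  if (/^(?:\.|\/|[a-z]+:)/.test(spec)) {
    return { name: spec, version: null, pinned: false, reason: 'not a registry spec; review manually' };
  }
  const { name, version } = splitSpec(spec);
  if (version === null) return { name, version, pinned: false, reason: 'no version (resolves to latest)' };
  if (EXACT_VERSION.test(version)) return { name, version, pinned: true, reason: 'exact version' };
  return { name, version, pinned: false, reason: 'range or dist-tag, not an exact version' };
}

// Pull the package spec out of npx's arguments: the -p/--package value if given,
// otherwise the first positional token. Other dash-prefixed flags are assumed bare.
function extractSpec(args) {
  for (let j = 0; j < args.length; j++) {
    const a = args[j];
    if (a === '--') return null;                        // options ended with no package spec
    if (a === '-p' || a === '--package') return args[j + 1] ?? null;
    if (a.startsWith('--package=')) return a.slice('--package='.length);
    if (a.startsWith('-')) continue;
    return a;
  }
  return null;
}

// Scan text line by line for npx invocations and classify each one.
function findNpxInvocations(text) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    const m = /(?:^|[\s;&|`$(])npx\s+(.+)$/.exec(line);
    if (!m) return;
    const spec = extractSpec(m[1].trim().split(/\s+/));
    if (spec === null) return;
    findings.push({ line: i + 1, command: line.trim(), ...classifySpec(spec) });
  });
  return findings;
}

// Convenience: 1-based line numbers of every invocation that is not pinned.
function unpinnedLines(text) {
  return findNpxInvocations(text).filter((f) => !f.pinned).map((f) => f.line);
}

for (const f of findNpxInvocations(SAMPLE_SKILL_MD)) {
  const label = f.pinned ? 'ok  ' : 'HIGH';
  console.log(`${label} line ${f.line}: ${f.command}  [${f.reason}]`);
}
```

Run it with Node against a real skill file by reading the file into `text` instead of `SAMPLE_SKILL_MD`. The check deliberately treats ranges such as `^2` and dist-tags such as `latest` as unpinned, since both let the registry choose the version at run time; an exact version is the only spec that names one immutable release.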
Full report: https://skillshield.io/report/89df8801f26d1780
Powered by SkillShield