Trust Assessment
8004 received a trust score of 98/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. The finding is unpinned third-party dependencies in the installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| LOW | Unpinned third-party dependencies in installation instructions. The skill's installation instructions recommend installing third-party packages (`@chaoschain/sdk`, `chaoschain-sdk`) without specifying exact versions. This practice can lead to supply chain attacks if a malicious update is pushed to the package registry or if a typosquat package is installed. While this skill is a rubric and these are examples for the user, it's a security best practice to pin dependency versions. Remediation: pin exact versions for all third-party dependencies in installation instructions (e.g., `npm install @chaoschain/sdk@1.0.0` or `pip install chaoschain-sdk==1.0.0`). Regularly audit dependencies for vulnerabilities. | LLM | SKILL.md:42 |