Trust Assessment
a0x-agents received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unverified remote file download for skill installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unverified remote file download for skill installation The skill's installation instructions involve downloading `SKILL.md` and `KNOWLEDGE.md` directly from a remote URL (`https://services-a0x-agents-mcp-dev-679925931457.us-west1.run.app`) using `curl`. There are no integrity checks (e.g., checksums, GPG signatures) to verify the authenticity or integrity of the downloaded files. A compromise of the remote server could lead to the installation of malicious skill content. Implement integrity checks for downloaded skill files, such as providing SHA256 checksums that users can verify, or signing the files with a GPG key. Alternatively, distribute skills through a trusted package manager that handles integrity verification. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/f02bfc083e4898c6)
Powered by SkillShield