Trust Assessment
activecampaign received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Reliance on unverified external binary.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Reliance on unverified external binary The skill's manifest declares a dependency on an external binary named 'activecampaign' (`requires.bins: ["activecampaign"]`). The source, integrity, and security of this binary are not specified or verifiable within the provided skill package context. This introduces a supply chain risk, as a malicious or vulnerable 'activecampaign' binary could compromise the agent or its environment if not properly sourced and validated. Specify the trusted source of the 'activecampaign' binary (e.g., a specific package manager, a verified repository, or a URL with a cryptographic hash) and include integrity checks in the skill's installation or setup process to ensure the binary has not been tampered with. | LLM | SKILL.md |
Scan History
Embed Code
[](https://skillshield.io/report/ae022373a9d76d60)
Powered by SkillShield