Trust Assessment
activecampaign received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unmanaged Binary Dependency (Supply Chain Risk).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unmanaged Binary Dependency (Supply Chain Risk) The skill relies on an external binary named 'activecampaign' as indicated by the manifest and usage examples in SKILL.md. The documentation does not specify how this binary is installed, its source, or versioning information. This lack of control over the binary's origin and integrity introduces a supply chain risk, as a compromised or malicious 'activecampaign' binary could lead to data exfiltration, command injection, or other security breaches if executed by the agent. Specify the installation method, source, and version for the 'activecampaign' binary. Ideally, package the binary within the skill, use a trusted package manager with version pinning, or provide cryptographic hashes for verification. Ensure the binary's integrity is checked before execution. | LLM | SKILL.md:50 |
Scan History
Embed Code
[](https://skillshield.io/report/4b78c31070a73002)
Powered by SkillShield