Trust Assessment
agent-directory received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is dynamic loading of untrusted external skill definitions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Dynamic loading of untrusted external skill definitions. The skill instructs the agent to fetch and process `skill.md` files from URLs provided by an external service (`ctxly.com/services.json`). These URLs can point to arbitrary external domains (e.g., `https://www.moltbook.com/skill.md`). This creates a significant supply chain risk, as a compromised or malicious external service could serve a `skill.md` containing prompt injection, command injection, or other malicious instructions, which the agent might then execute or interpret. The skill implicitly trusts content from these dynamically discovered external sources. Implement strict validation and sandboxing for all dynamically loaded external skill definitions. Consider whitelisting trusted domains for `skill.md` files or requiring cryptographic signatures for external skill content. Agents should treat all fetched external skill content as untrusted and process it within a highly restricted environment, or prompt the user for explicit approval before processing. | LLM | SKILL.md:30 |