78
TRUSTED0
Critical
Immediate action required
1
High
Priority fixes suggested
1
Medium
Best practices review
0
Low
Acknowledged / Tracked
Trust Assessment
This report is partially verified. Deterministic layers ran, but LLM behavioral analysis (L4) was not executed for this scan.
The current score of 78/100 is provisional and may change after a full L4 verification run.
Last analyzed on February 10, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Manifest Analysis
100%Static Code Analysis
78%Dependency Graph
100%LLM Behavioral SafetyNot run
—Behavioral Risk Signals
Filesystem Write
1 finding
Shell Execution
1 finding
Excessive Permissions
1 finding
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/smartpeopleconnected/token-optimizer/skills/agent-memory/SKILL.md:26 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/smartpeopleconnected/token-optimizer/skills/agent-memory/SKILL.md:1 |