Trust Assessment
agropainel received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 0 high, 5 medium, and 1 low severity. Key findings include Missing required field: name, Suspicious import: requests, Unpinned Python dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/ediogoq/agropainel/SKILL.md:1 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ediogoq/agropainel/fetch_prices.py:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'requests' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ediogoq/agropainel/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'beautifulsoup4' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ediogoq/agropainel/requirements.txt:2 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pytz' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/ediogoq/agropainel/requirements.txt:3 | |
| LOW | Unpinned dependencies in requirements.txt The `requirements.txt` file specifies dependencies without pinning them to exact versions. This can lead to non-deterministic builds and introduces a supply chain risk, as a future malicious update to an unpinned package could be automatically installed, potentially introducing vulnerabilities or malicious code. Pin all dependencies to exact versions (e.g., `requests==2.28.1`) to ensure reproducible builds and mitigate risks from future malicious updates. It is recommended to use `pip freeze > requirements.txt` after verifying a working set of dependencies. | LLM | requirements.txt:1 |
Scan History
Embed Code
[](https://skillshield.io/report/7c33dc6049870e9c)
Powered by SkillShield