Trust Assessment
amplitude received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Direct credential exposure in curl command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Direct credential exposure in curl command The `curl` commands demonstrate using `$AMPLITUDE_API_KEY:$AMPLITUDE_SECRET_KEY` directly in the `-u` argument for HTTP Basic Authentication. This pattern exposes sensitive credentials in the command line, which can be visible in process lists (`ps -ef`), shell history, and system logs, making them vulnerable to unauthorized access if the execution environment is not adequately secured. Avoid passing credentials directly in command-line arguments. Consider using a `.netrc` file, passing credentials via request headers (if supported by the API and not exposed in logs), or using a dedicated client library that handles authentication more securely (e.g., by reading from environment variables directly into memory without exposing them on the command line). | LLM | SKILL.md:25 |
Scan History
Embed Code
[](https://skillshield.io/report/8c0f4c7640219bab)
Powered by SkillShield