Trust Assessment
animation-gen received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is an unpinned `npx` command in the usage examples.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned `npx` command in usage examples: The skill documentation recommends using `npx ai-animation` without specifying a version. This means that running the command will always fetch and execute the latest version of the `ai-animation` package from npm. If a malicious update is published to `ai-animation`, users following this recommendation could unknowingly execute compromised code, leading to potential command injection or data exfiltration. Specify a pinned version for `npx` commands to ensure deterministic execution and mitigate risks from malicious updates. For example, use `npx ai-animation@1.0.0 "fade in from left with bounce"`, or recommend installing a specific version globally first (`npm install -g ai-animation@1.0.0`). | LLM | SKILL.md:19 |