Trust Assessment
apple-notes received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned external tool dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned external tool dependency The skill relies on the `memo` CLI tool, which is installed via Homebrew using the `antoniorodr/memo/memo` formula. The skill's manifest does not specify a particular version of `memo` to be installed. This means that any future updates to the `antoniorodr/memo` Homebrew formula could introduce breaking changes, vulnerabilities, or even malicious code without explicit review by the skill author. This introduces a supply chain risk as the skill will always use the latest available version. Specify a precise version or commit hash for the `memo` tool in the Homebrew installation definition within the manifest, or implement a mechanism to validate the installed version. Regularly audit the upstream `antoniorodr/memo` repository for security issues. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/6709fe94769fbb04)
Powered by SkillShield