Trust Assessment
atl-browser received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Unpinned Git Repository Clone, Broad Tool Access for Unpinned Code.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned Git Repository Clone The skill clones a Git repository (`https://github.com/JordanCoin/Atl`) without specifying a particular commit hash, tag, or branch. This means that future installations could pull down new, potentially malicious, or breaking changes introduced by the repository maintainers or a compromised account. This is a common supply chain risk. Pin the Git clone operation to a specific commit hash (e.g., `git clone <repo> <path> && cd <path> && git checkout <commit_hash>`) or a version tag to ensure deterministic and secure installations. | LLM | Manifest:1 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jordancoin/atl-mobile/scripts/setup.sh:5 | |
| MEDIUM | Broad Tool Access for Unpinned Code The skill's setup script (`scripts/setup.sh`) uses powerful system tools like `xcodebuild` and `xcrun simctl` to build and install an application. While these permissions are necessary for the skill's functionality (iOS simulator automation), the fact that the application is sourced from an unpinned Git repository (as identified in SS-SCRM-001) means that arbitrary code could be built and executed with these elevated privileges if the upstream repository is compromised. This combination increases the risk of command injection or malicious code execution. In conjunction with pinning the Git repository (SS-SCRM-001), consider sandboxing the build and installation process if possible, or at minimum, ensure the source code is thoroughly reviewed and trusted before execution with such broad permissions. | LLM | scripts/setup.sh:34 |
Scan History
Embed Code
[](https://skillshield.io/report/0b7bec342a30ed30)
Powered by SkillShield