Trust Assessment
bear-notes received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is an unpinned dependency for the `grizzly` tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned dependency for `grizzly` tool: the skill's manifest installs the `grizzly` tool using `@latest`, which means the dependency is unpinned. This allows arbitrary code changes in the upstream repository to be pulled without explicit version control, posing a significant supply chain risk. A malicious update to the `grizzly` repository could introduce vulnerabilities or backdoors into the installed tool. Pin the `grizzly` dependency to a specific, immutable version (e.g., a commit hash or a semantic version tag like `v1.2.3`) to ensure deterministic builds and prevent unexpected changes. | LLM | SKILL.md:1 |