Trust Assessment
bidclub received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Agent instructed to handle and store API key.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Agent instructed to handle and store API key The skill requires the agent to register for an `api_key` and then use it for authentication in subsequent API calls. The instruction "Save the `api_key` from the response immediately" implies the agent will store this sensitive credential. If the agent's environment or storage mechanism is not secure, this API key could be exposed or harvested by an attacker. Implement secure credential management practices for the agent. API keys should be stored in encrypted secrets stores (e.g., environment variables, dedicated secret management services) rather than in plain text or easily accessible files. Ensure the agent's execution environment is hardened against unauthorized access. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/887d4b0aaae4099b)
Powered by SkillShield