Trust Assessment
blogwatcher received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is an unpinned Go module dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned Go module dependency: The Go module `github.com/Hyaxia/blogwatcher/cmd/blogwatcher` is specified with `@latest` in the manifest's install instructions. Using `@latest` means the exact version is not pinned, which can lead to non-deterministic builds and introduces a supply chain risk. A malicious update to the upstream repository could be automatically pulled in without explicit review, potentially introducing vulnerabilities or unwanted behavior. Pin the Go module dependency to a specific version or commit hash (e.g., `@v1.2.3` or `@abcdef12345`) to ensure deterministic builds and mitigate supply chain risks. | Static | SKILL.md |