Trust Assessment
byterover-headless received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. The findings are "Instruction to handle API key" (high), "Instruction to curate and upload local files without restriction" (medium), and "Unpinned npm dependency in manifest" (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Instruction to handle API key.** The skill explicitly instructs the LLM to ask the user for an API key and then use it for authentication via `brv login --api-key <key>`. Handling a credential directly in the LLM's context is a significant risk if the LLM is compromised or the key is mishandled (logged, stored persistently, or exposed). Recommended: never log the key, keep it in ephemeral storage only, require explicit user confirmation for each use, and keep it out of untrusted contexts. Prefer an environment variable or a secure credential manager over pasting the key into the conversation. | LLM | SKILL.md:20 |
| MEDIUM | **Instruction to curate and upload local files without restriction.** The skill instructs the LLM to use `brv curate --files` to include specific local files as context. This is a feature of the tool, but the skill gives no guidance on *which* files the LLM should select or avoid. A malicious prompt could steer the LLM into curating sensitive files (configuration files, private keys, personal data), or the LLM's own reasoning could pick inappropriate files, and either case uploads them to the ByteRover cloud. Recommended: instruct the LLM to limit curation to non-sensitive, project-specific files, enforce an allowlist of permitted file types or directories, and require explicit user confirmation before any file is curated, especially one outside the project scope or likely to contain secrets. | LLM | SKILL.md:77 |
| MEDIUM | **Unpinned npm dependency in manifest.** The skill's manifest lists the `@byterover/cli` npm package without a version constraint, so whatever version is latest at install time is used. If a malicious or vulnerable version of `@byterover/cli` is published, the skill will install it automatically, a classic supply-chain exposure. Recommended: pin the dependency to an exact version or a narrow range (e.g. `"@byterover/cli": "1.0.0"` or `"@byterover/cli": "^1.0.0"`); note that a caret range still floats within the range unless a lockfile is committed alongside it. Review and update pinned dependencies regularly. | LLM | SKILL.md |
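The third finding is mechanical enough to check before installation. The following is an added example, not SkillShield's or ByteRover's code: it parses the package specifiers a skill manifest hands to `npm install` and reports any that leave the version choice to the registry. It assumes the manifest reduces to a list of strings such as `@byterover/cli` or `chalk@5.3.0`; the sample entries are constructed, not taken from the scanned skill.

```javascript
// Added example (not SkillShield's or ByteRover's code): flag npm package
// specifiers that are not pinned. Assumes the skill manifest's install list
// reduces to strings of the form "name" or "name@spec".

const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;      // 5.3.0, 1.2.3-rc.1
const RANGE = /^[~^]\d+(\.\d+){0,2}(-[0-9A-Za-z.-]+)?$/; // ^7.6.0, ~1.2

// Split "name@spec" into its parts. Scoped names begin with "@", so only an
// "@" after index 0 separates the version constraint from the name.
function parseNpmSpec(entry) {
  const s = entry.trim();
  const at = s.lastIndexOf('@');
  if (at <= 0) return { name: s, spec: null };
  return { name: s.slice(0, at), spec: s.slice(at + 1) };
}

// Classify a constraint: 'pinned' (exact version), 'range' (^ or ~), or
// 'unpinned' (absent, "*", "latest", a dist-tag, or any other floating form).
function classifySpec(spec) {
  if (spec === null || spec === undefined) return 'unpinned';
  const s = spec.trim();
  if (EXACT.test(s)) return 'pinned';
  if (RANGE.test(s)) return 'range';
  return 'unpinned';
}

// Audit every entry. With strict=true, ^/~ ranges are reported as well,
// matching a policy of exact pins plus a committed lockfile.
function auditNpmEntries(entries, { strict = false } = {}) {
  const findings = [];
  for (const entry of entries) {
    const { name, spec } = parseNpmSpec(entry);
    const kind = classifySpec(spec);
    if (kind === 'unpinned' || (strict && kind === 'range')) {
      findings.push({ name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample install list (not the scanned skill's actual manifest).
const SAMPLE_ENTRIES = [
  '@byterover/cli',   // no constraint at all: what the finding describes
  'left-pad@latest',  // dist-tag, floats just like no constraint
  'semver@^7.6.0',    // range: acceptable only with a lockfile
  'chalk@5.3.0',      // exact pin
];

for (const f of auditNpmEntries(SAMPLE_ENTRIES)) {
  console.log(`${f.kind.toUpperCase()}: ${f.name}@${f.spec ?? '<none>'}`);
}
```

Run as-is it reports `@byterover/cli` and `left-pad`; pass `{ strict: true }` to also surface the caret range, which is the right setting when the skill does not ship a lockfile.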
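The second finding's mitigation, an allowlist applied before `brv curate --files` runs, can also be made concrete. This is an added example and not ByteRover's code: it normalises each requested path, rejects traversal out of the project, refuses paths in denied directories or matching sensitive-file patterns, and then applies an allowlist of roots and extensions. The project layout, the deny patterns and the sample request are assumptions constructed for illustration; the surviving list is what a skill should show the user for confirmation before anything is uploaded.

```javascript
// Added example (not ByteRover's code): gate the file list handed to
// `brv curate --files` behind an allowlist. Deny patterns, roots and
// extensions below are illustrative assumptions.

const DENY_NAME = [
  /^\.env(\..*)?$/,                       // .env, .env.local
  /^id_(rsa|ed25519|ecdsa)(\.pub)?$/,     // SSH keys
  /\.(pem|key|p12|pfx)$/i,                // TLS/private key material
  /credentials/i,                         // credentials.json etc.
  /secrets?\./i,                          // secret.yaml, secrets.json
];
const DENY_DIR = ['.git', '.ssh', '.aws', 'node_modules'];

// Resolve "." and ".." in a relative POSIX path without touching the
// filesystem. Returns null for absolute paths or paths escaping the root.
function normalizeRelative(p) {
  if (p.startsWith('/')) return null;
  const out = [];
  for (const part of p.split('/')) {
    if (part === '' || part === '.') continue;
    if (part === '..') {
      if (out.length === 0) return null;
      out.pop();
      continue;
    }
    out.push(part);
  }
  return out.join('/');
}

// Decide whether one path may be curated under the given policy.
function checkCurationPath(p, { allowedRoots, allowedExts }) {
  const rel = normalizeRelative(p);
  if (rel === null) return { ok: false, reason: 'absolute path or traversal outside project' };
  const parts = rel.split('/');
  const base = parts[parts.length - 1];
  if (parts.some(d => DENY_DIR.includes(d))) return { ok: false, reason: 'inside a denied directory' };
  if (DENY_NAME.some(re => re.test(base))) return { ok: false, reason: 'matches a sensitive-file pattern' };
  if (!allowedRoots.some(r => rel === r || rel.startsWith(r + '/'))) {
    return { ok: false, reason: 'outside allowed roots' };
  }
  const ext = base.includes('.') ? base.slice(base.lastIndexOf('.')) : '';
  if (!allowedExts.includes(ext)) return { ok: false, reason: `extension ${ext || '<none>'} not allowed` };
  return { ok: true, path: rel };
}

// Split a requested file list into what may be curated and what was refused.
function filterCurationPaths(paths, policy) {
  const allowed = [];
  const denied = [];
  for (const p of paths) {
    const r = checkCurationPath(p, policy);
    if (r.ok) allowed.push(r.path);
    else denied.push({ path: p, reason: r.reason });
  }
  return { allowed, denied };
}

// Constructed policy and request, standing in for a real project.
const POLICY = { allowedRoots: ['src', 'docs', 'README.md'], allowedExts: ['.ts', '.js', '.md'] };
const SAMPLE_REQUEST = [
  'src/index.ts',
  './docs/../docs/arch.md',
  '.env',
  'src/../../etc/passwd',
  'config/credentials.json',
  'README.md',
  'src/keys/server.pem',
  'node_modules/x/index.js',
];

const result = filterCurationPaths(SAMPLE_REQUEST, POLICY);
console.log('allowed:', result.allowed);
for (const d of result.denied) console.log(`denied ${d.path}: ${d.reason}`);
```

Only `src/index.ts`, `docs/arch.md` and `README.md` survive; the deny checks run before the allowlist so that a sensitive file placed inside an allowed root (`src/keys/server.pem`) is still refused.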
Full report: https://skillshield.io/report/1934b3a5fcbd847f
Powered by SkillShield