Trust Assessment
Citedy SEO Agent received a trust score of 100/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 1 low severity. Key findings include Hostname disclosure during agent registration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Hostname disclosure during agent registration The `scripts/register.mjs` script uses `os.hostname()` to generate a default agent name. This hostname is then sent to the `citedy.com` registration endpoint. While intended for identification, disclosing the local machine's hostname could potentially reveal internal network naming conventions or system details to the third-party service. This is a controlled information leak to the intended service, but it is still system-level data. Modify the script to allow the user to explicitly provide the agent name without defaulting to `hostname()`, or hash/obfuscate the hostname if it must be used for identification, to prevent direct disclosure of system naming conventions. | LLM | scripts/register.mjs:12 |
Scan History
Embed Code
[](https://skillshield.io/report/fb97ea86bab74f7c)
Powered by SkillShield