Trust Assessment
codebuddy-cli received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill documents highly dangerous tool flag for file system manipulation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill documents highly dangerous tool flag for file system manipulation The skill describes the `codebuddy` CLI tool, which includes a flag `--dangerously-skip-permissions`. The skill itself explicitly warns that this flag can lead to 'file deletion, scope creep, [and] data loss' and advises 'Never use in production.' While the skill provides a warning, an AI agent using this skill might be prompted to use this flag, potentially leading to severe security consequences, including unauthorized data access, modification, or deletion on the host system. Implement strict guardrails to prevent the AI agent from ever invoking the `--dangerously-skip-permissions` flag. Consider modifying the skill documentation to explicitly state that this flag should never be used by an AI agent, or remove its documentation entirely if its use is deemed too risky for an automated context. | LLM | SKILL.md:70 |
Scan History
Embed Code
[](https://skillshield.io/report/af667b0cf96c273f)
Powered by SkillShield