Trust Assessment
codebuddy-cli received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill documents and exemplifies use of dangerous '--dangerously-skip-permissions' flag.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill documents and exemplifies use of dangerous '--dangerously-skip-permissions' flag The skill documents the `codebuddy` CLI tool, including the `--dangerously-skip-permissions` (`-y`) flag, which can lead to file deletion, scope creep, and data loss. While a warning is provided ('Never use in production.'), the skill also includes an explicit example of how to use this flag: `codebuddy -p "Review code quality" -y`. An AI agent using this skill might interpret this example as a valid way to invoke the tool, potentially leading to unintended and harmful file operations if executed in an inappropriate environment or without proper user confirmation. Remove the example demonstrating the use of `--dangerously-skip-permissions` or explicitly state that the example should *never* be executed by an AI agent. Alternatively, modify the example to use a safe mode or require explicit user confirmation. | LLM | SKILL.md:35 |
Scan History
Embed Code
[](https://skillshield.io/report/5e7f4ad4ac18b4c5)
Powered by SkillShield