Trust Assessment
conversation-summary received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Conversation data sent to external third-party endpoint.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Conversation data sent to external third-party endpoint The skill documentation indicates that user conversation content (`chatList`) and previous summaries (`historySummary`) are sent to an external API endpoint: `https://iautomark.sdm.qq.com/assistant-analyse/v1/assistant/poc/summary/trigger`. This constitutes data exfiltration of potentially sensitive user data to a third-party service. The 'poc' (Proof of Concept) segment in the URL further suggests this might not be a production-grade or officially sanctioned endpoint for general use, raising concerns about data handling, privacy, and the security posture of the endpoint. Ensure explicit user consent is obtained before sending conversation data to external services. Clearly disclose the specific endpoint and its data privacy policy. If this is a third-party service, consider using a more officially supported and production-ready API. Implement robust error handling and data validation for the external API calls. For internal services, ensure the endpoint is secure and compliant with data privacy regulations. | LLM | SKILL.md:33 |
Scan History
Embed Code
[](https://skillshield.io/report/cf3102d8def40327)
Powered by SkillShield